1type prefetch, coredomain, domain; 2type prefetch_exec, exec_type, file_type, system_file_type; 3 4init_daemon_domain(prefetch) 5 6# Allow prefetch to start recording by enabling tracing event under 7# /sys/kernel/tracing/events/filemap/mm_filemap_add_to_page_cache 8allow prefetch debugfs_tracing_instances:dir create_dir_perms; 9allow prefetch debugfs_tracing_instances:file rw_file_perms; 10 11# Allow to read/write/create/delete to storage prefetch record files 12allow prefetch metadata_file:dir search; 13allow prefetch prefetch_metadata_file:dir rw_dir_perms; 14allow prefetch prefetch_metadata_file:file create_file_perms; 15 16get_prop(prefetch, prefetch_boot_prop); 17set_prop(prefetch, prefetch_service_prop); 18 19# Disallow other domains controlling prefetch service. 20neverallow { 21 domain 22 -init 23 -shell 24} ctl_prefetch_prop:property_service set; 25 26# Allow rootfs so prefetch can walk through directory tree and 27# create a map of inodes -> file path. 28allow prefetch rootfs:dir { open read search getattr }; 29