1type perfd, domain; 2type perfd_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(perfd) 5 6r_dir_file(perfd, sysfs_msm_subsys) 7 8# perfd uses kill(pid, 0) to determine if a process exists. 9# Determining if a process exists does not require the kill capability 10# since a permission denied indicates the process exists. 11dontaudit perfd self:capability kill; 12 13allow perfd mediacodec:process signull; 14allow perfd hal_power_default:process signull; 15 16allow perfd cgroup:file r_file_perms; 17allow perfd post_boot_prop:file r_file_perms; 18 19allow perfd proc:file rw_file_perms; 20allow perfd sysfs_clkscale:file r_file_perms; 21allow perfd sysfs_graphics:dir search; 22allow perfd sysfs_graphics:file r_file_perms; 23allow perfd sysfs_soc:dir search; 24allow perfd sysfs_soc:file r_file_perms; 25allow perfd sysfs_graphics:dir search; 26allow perfd sysfs_graphics:file r_file_perms; 27allow perfd sysfs_msm_subsys:file w_file_perms; 28allow perfd sysfs_devices_system_cpu:file w_file_perms; 29 30allow perfd perfd_socket:sock_file write; 31 32allow perfd latency_device:chr_file w_file_perms; 33