mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
1f85c07202
Bug: 36463595 Test: lunch walleye-userdebug && make -j48 sepolicy Change-Id: Idbc83b06edcb3eb2ea548a16ed93f711cda150c1 Signed-off-by: Sandeep Patil <sspatil@google.com>
39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
type perfd, domain;
|
|
type perfd_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(perfd)
|
|
|
|
r_dir_file(perfd, sysfs_msm_subsys)
|
|
|
|
# perfd uses kill(pid, 0) to determine if a process exists.
|
|
# Determining if a process exists does not require the kill capability
|
|
# since a permission denied indicates the process exists.
|
|
dontaudit perfd self:capability kill;
|
|
|
|
allow perfd mediacodec:process signull;
|
|
|
|
allow perfd cgroup:file r_file_perms;
|
|
allow perfd post_boot_prop:file r_file_perms;
|
|
|
|
allow perfd proc:file rw_file_perms;
|
|
allow perfd sysfs_soc:dir search;
|
|
allow perfd sysfs_soc:file r_file_perms;
|
|
allow perfd sysfs_msm_subsys:file w_file_perms;
|
|
|
|
allow perfd perfd_socket:sock_file write;
|
|
|
|
allow perfd latency_device:chr_file w_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
permissive perfd;
|
|
')
|
|
|
|
# TODO(b/34274385): Remove this once HALs are guaranteed to not be run in passthrough mode
|
|
# What's going on here is that Audio HAL, Power and DRM HAL are talking over sockets to perfd,
|
|
# which is permitted. However, those rules target hal_x rather than hal_x_server and thus are also
|
|
# granted to all clients of these HALs (e.g., system_server) which are core components, and
|
|
# socket communications between system components and vendor components are not permted.
|
|
# Once we switch full Treble devices to binderized only mode, this issue will disappear.
|
|
typeattribute perfd socket_between_core_and_vendor_violators;
|
|
|