2014-06-11 13:23:05 +00:00
|
|
|
# DAC overrides
|
2020-11-26 10:02:35 +00:00
|
|
|
allow mpdecision self:capability dac_override;
|
|
|
|
|
auditallow mpdecision self:capability dac_override;
|
2013-11-15 17:58:07 +00:00
|
|
|
|
|
|
|
|
# CPU hotplug uevent to manage cores
|
|
|
|
|
allow mpdecision self:netlink_kobject_uevent_socket { create setopt bind read };
|
|
|
|
|
allow mpdecision self:capability net_admin;
|
|
|
|
|
|
|
|
|
|
# Create under /dev/socket/mpdecision
|
|
|
|
|
allow mpdecision mpdecision_socket:dir w_dir_perms;
|
|
|
|
|
allow mpdecision mpdecision_socket:sock_file create_file_perms;
|
|
|
|
|
|
|
|
|
|
# Also support mpdecision creating the /dev/socket/pb socket
|
|
|
|
|
type_transition mpdecision socket_device:sock_file mpdecision_socket;
|
|
|
|
|
allow mpdecision self:capability chown;
|
|
|
|
|
allow mpdecision socket_device:dir w_dir_perms;
|
|
|
|
|
|
|
|
|
|
# By-product of setting owner on sock_file (don't allow)
|
|
|
|
|
dontaudit mpdecision self:capability fsetid;
|
|
|
|
|
|
|
|
|
|
allow mpdecision sysfs_devices_system_cpu:file rw_file_perms;
|
|
|
|
|
allow mpdecision sysfs_mpdecision:dir r_dir_perms;
|
|
|
|
|
allow mpdecision sysfs_mpdecision:file rw_file_perms;
|
|
|
|
|
|
|
|
|
|
allow mpdecision sysfs:file write;
|
|
|
|
|
|
|
|
|
|
# This is needed to allow mpdecision to look at system_server's
|
|
|
|
|
# /proc/PID/status file.
|
|
|
|
|
r_dir_file(mpdecision, system_server)
|
2014-03-26 14:51:55 +00:00
|
|
|
r_dir_file(mpdecision, mediaserver)
|
2016-10-31 11:15:40 +00:00
|
|
|
r_dir_file(mpdecision, cameraserver)
|
2014-05-05 20:14:13 +00:00
|
|
|
|
|
|
|
|
allow mpdecision self:capability sys_nice;
|
