diff options
author | Vince Leung <vincentl@codeaurora.org> | 2015-12-09 18:32:00 -0800 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-12-17 17:37:17 -0800 |
commit | 87ccb2f22022c4fd37850fb078c7521595fcce32 (patch) | |
tree | 434b254c3a805507f2a20fb7783968ecae8ec3e8 | |
parent | 9ed5e56a0b0ef0a5b0a9fba4b69ca9ce705c2d89 (diff) | |
download | android_device_qcom_sepolicy-87ccb2f22022c4fd37850fb078c7521595fcce32.tar.gz android_device_qcom_sepolicy-87ccb2f22022c4fd37850fb078c7521595fcce32.tar.bz2 android_device_qcom_sepolicy-87ccb2f22022c4fd37850fb078c7521595fcce32.zip |
sepolicy: add kill permissions to perfd
Add permissions to allow perfd kill
permissions to send signull to processes
Change-Id: Id4ea3b93a2de4eb46c45cbb3c4c93f5fdfeca1ef
-rw-r--r-- | common/perfd.te | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/common/perfd.te b/common/perfd.te index c74ae584..9fa0c391 100644 --- a/common/perfd.te +++ b/common/perfd.te @@ -3,7 +3,7 @@ type perfd_exec, exec_type, file_type; init_daemon_domain(perfd) -allow perfd self:capability { net_admin chown dac_override fsetid }; +allow perfd self:capability { net_admin chown dac_override fsetid kill }; allow perfd { sysfs_devices_system_cpu sysfs_cpu_online @@ -36,3 +36,14 @@ unix_socket_connect(perfd, thermal, thermal-engine); # Access device nodes inside /dev/cpuctl allow perfd cpuctl_device:chr_file rw_file_perms; + +# Allow perfd to send signull +allow perfd { + system_server + system_app + wfdservice + mediaserver + thermal-engine + surfaceflinger + appdomain +}:process signull; |