sepolicy: add kill permissions to perfd

Add permissions to allow perfd kill
permissions to send signull to processes

Change-Id: Id4ea3b93a2de4eb46c45cbb3c4c93f5fdfeca1ef

1 files changed, 12 insertions, 1 deletions

diff --git a/common/perfd.te b/common/perfd.te
index c74ae584..9fa0c391 100644
--- a/common/perfd.te
+++ b/common/perfd.te
@@ -3,7 +3,7 @@ type perfd_exec, exec_type, file_type;
 
 init_daemon_domain(perfd)
 
-allow perfd self:capability { net_admin chown dac_override fsetid };
+allow perfd self:capability { net_admin chown dac_override fsetid kill };
 allow perfd {
     sysfs_devices_system_cpu
     sysfs_cpu_online
@@ -36,3 +36,14 @@ unix_socket_connect(perfd, thermal, thermal-engine);
 
 # Access device nodes inside /dev/cpuctl
 allow perfd cpuctl_device:chr_file rw_file_perms;
+
+# Allow perfd to send signull
+allow perfd {
+    system_server
+    system_app
+    wfdservice
+    mediaserver
+    thermal-engine
+    surfaceflinger
+    appdomain
+}:process signull;