path: root/common/mpdecision.te
blob: b217d9657eaeb10303039e2b6409978326b2e84c (plain)
# Domain type for the mpdecision daemon. In addition to the base "domain"
# attribute it carries mlstrustedsubject, which in AOSP base policy exempts
# the subject from the MLS constraints.
# NOTE(review): nothing in this file shows why the MLS exemption is required;
# confirm it is still needed and drop the attribute if the daemon works
# without it.
type mpdecision, domain, mlstrustedsubject;
# Label for the daemon's executable; used as the entry point by the
# init_daemon_domain() call below.
type mpdecision_exec, exec_type, file_type;

# AOSP macro: when init executes a file labeled mpdecision_exec, the new
# process transitions into the mpdecision domain.
init_daemon_domain(mpdecision)

# Read/write access to files carrying the three sysfs labels listed below.
# The types themselves are declared outside this file; which sysfs paths they
# cover depends on the labeling rules, which are not shown here.
allow mpdecision {
    sysfs_mpdecision
    sysfs_devices_system_cpu
    sysfs_cpu_online
}:file rw_file_perms;

# Allow mpdecision to set cpu affinity.
# The target class is kernel:process, so this covers changing scheduling
# attributes of processes in the kernel domain (kernel threads), not only the
# daemon's own threads.
allow mpdecision kernel:process setsched;

# Allow mpdecision to create and use its own sockets of class
# netlink_kobject_uevent_socket and socket. The target is "self", so this
# does not grant access to sockets owned by other domains.
allow mpdecision self: {
    netlink_kobject_uevent_socket
    socket
} create_socket_perms;

# Allow writes to /dev/cpu_dma_latency.
# Write-only access to the character device labeled device_latency
# (presumably the label given to /dev/cpu_dma_latency in file_contexts; confirm).
allow mpdecision device_latency:chr_file w_file_perms;

# Run-queue statistics in sysfs: r_dir_file() grants read access to the
# directories, files and symlinks with this label; the allow rule adds write
# access to the files.
r_dir_file(mpdecision, sysfs_rqstats)
allow mpdecision sysfs_rqstats:file w_file_perms;
# Thermal nodes in sysfs: same read access, but only the bare "write"
# permission is added instead of the full w_file_perms set.
r_dir_file(mpdecision, sysfs_thermal)
allow mpdecision sysfs_thermal:file write;

# Policies for mpctl
# mpctl socket
# Capabilities granted to the daemon itself.
# NOTE(review): dac_override lets the process bypass discretionary file
# permission checks, so SELinux becomes the only barrier for any file the
# domain is allowed to touch. Check whether correct ownership/modes on the
# mpctl socket directory and data files would make it unnecessary. The reason
# for net_admin is not evident from this file; confirm it is required.
allow mpdecision self:capability { net_admin chown dac_override fsetid sys_nice };
# Manage entries in the mpctl socket directory and create the socket file.
allow mpdecision mpctl_socket:dir rw_dir_perms;
allow mpdecision mpctl_socket:sock_file create_file_perms;

# NOTE(review): "sysfs" is the generic sysfs label, so this grants write
# access to every sysfs file that has no more specific type. Prefer giving the
# nodes the daemon actually writes a dedicated type (as done for
# sysfs_rqstats and sysfs_thermal above) and removing this rule.
allow mpdecision sysfs:file w_file_perms;

# default_values file
# The daemon may add/remove entries in directories labeled mpctl_data_file
# and create, read, write and delete files with that label.
allow mpdecision mpctl_data_file:dir rw_dir_perms;
allow mpdecision mpctl_data_file:file create_file_perms;

# Allow poll of system_server status.
# Read-only access to directories, files and symlinks labeled system_server;
# presumably these are the /proc/<pid> entries of the system_server process
# (confirm). No write or signal permission is granted by this rule.
r_dir_file(mpdecision, system_server)

# mpdecision sets properties.
# Connect to init's property service socket, then allow setting only the
# properties labeled mpdecision_prop (the names covered are defined in
# property_contexts, not in this file).
unix_socket_connect(mpdecision, property, init)
allow mpdecision mpdecision_prop:property_service set;