blob: 96f448400046b3baa223ff1f23da6caa696fd29c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
type mpdecision, domain;
type mpdecision_exec, exec_type, file_type;
init_daemon_domain(mpdecision)
allow mpdecision sysfs_mpdecision:file rw_file_perms;
allow mpdecision sysfs_devices_system_cpu:file rw_file_perms;
allow mpdecision sysfs_rqstats:file w_file_perms;
allow mpdecision sysfs_cpu_online:file rw_file_perms;
#Allow mpdecision set cpu affinity
allow mpdecision kernel:process setsched;
#Allow writes to /dev/cpu_dma_latency
allow mpdecision self:netlink_kobject_uevent_socket { create read setopt bind };
allow mpdecision self:socket create_socket_perms;
allow mpdecision device_latency:chr_file w_file_perms;
allow mpdecision sysfs_rqstats:dir search;
allow mpdecision sysfs_thermal:dir search;
#policies for mpctl
#mpctl socket
allow mpdecision self:capability { net_admin chown dac_override fsetid sys_nice };
allow mpdecision mpctl_socket:dir rw_dir_perms;
allow mpdecision mpctl_socket:sock_file { create_file_perms unlink };
allow mpdecision sysfs:file write;
#default_values file
allow mpdecision mpctl_data_file:dir rw_dir_perms;
allow mpdecision mpctl_data_file:file { create_file_perms unlink };
#allow poll of system_server status
allow mpdecision system_server:dir search;
allow mpdecision system_server:file { open read };
|
