# profcollectd - hardware profile collection daemon type profcollectd, domain, coredomain; type profcollectd_exec, system_file_type, exec_type, file_type; userdebug_or_eng(` init_daemon_domain(profcollectd) # profcollectd opens a file for writing in /data/misc/profcollectd. allow profcollectd profcollectd_data_file:file create_file_perms; allow profcollectd profcollectd_data_file:dir create_dir_perms; # Allow profcollectd full use of perf_event_open(2), to enable system wide profiling. allow profcollectd self:perf_event { cpu kernel open read write }; # Allow profcollectd to scan through /proc/pid for all processes. r_dir_file(profcollectd, domain) # Allow profcollectd to read executable binaries. allow profcollectd system_file_type:file r_file_perms; allow profcollectd vendor_file_type:file r_file_perms; allow profcollectd system_bootstrap_lib_file:file r_file_perms; # Allow profcollectd to access tracefs. allow profcollectd debugfs_tracing:dir r_dir_perms; allow profcollectd debugfs_tracing:file rw_file_perms; allow profcollectd debugfs_tracing_debug:dir r_dir_perms; allow profcollectd debugfs_tracing_debug:file rw_file_perms; # Allow profcollectd to write to perf_event_paranoid under /proc. allow profcollectd proc_perf:file write; # Allow profcollectd to access cs_etm sysfs. r_dir_file(profcollectd, sysfs_devices_cs_etm) # Allow profcollectd to ptrace. allow profcollectd self:global_capability_class_set sys_ptrace; # Allow profcollectd to read its system properties. get_prop(profcollectd, device_config_profcollect_native_boot_prop) # Allow profcollectd to publish a binder service and make binder calls. binder_use(profcollectd) add_service(profcollectd, profcollectd_service) ')