platform_system_sepolicy/private/profcollectd.te

# profcollectd - hardware profile collection daemon
type profcollectd, domain, coredomain, mlstrustedsubject;
type profcollectd_exec, system_file_type, exec_type, file_type;

userdebug_or_eng(`
  init_daemon_domain(profcollectd)

  # profcollectd opens a file for writing in /data/misc/profcollectd.
  allow profcollectd profcollectd_data_file:file create_file_perms;
  allow profcollectd profcollectd_data_file:dir create_dir_perms;

  # Allow profcollectd full use of perf_event_open(2), to enable system wide profiling.
  allow profcollectd self:perf_event { cpu kernel open read write };

  # Allow profcollectd to scan through /proc/pid for all processes.
  r_dir_file(profcollectd, domain)

  # Allow profcollectd to read executable binaries.
  allow profcollectd system_file_type:file r_file_perms;
  allow profcollectd vendor_file_type:file r_file_perms;

  # Allow profcollectd to read system bootstrap libs.
  allow profcollectd system_bootstrap_lib_file:dir search;
  allow profcollectd system_bootstrap_lib_file:file r_file_perms;

  # Allow profcollectd to access tracefs.
  allow profcollectd debugfs_tracing:dir r_dir_perms;
  allow profcollectd debugfs_tracing:file rw_file_perms;
  allow profcollectd debugfs_tracing_debug:dir r_dir_perms;
  allow profcollectd debugfs_tracing_debug:file rw_file_perms;

  # Allow profcollectd to write to perf_event_paranoid under /proc.
  allow profcollectd proc_perf:file write;

  # Allow profcollectd to access cs_etm sysfs.
  r_dir_file(profcollectd, sysfs_devices_cs_etm)

  # Allow profcollectd to ptrace.
  allow profcollectd self:global_capability_class_set sys_ptrace;

  # Allow profcollectd to read its system properties.
  get_prop(profcollectd, device_config_profcollect_native_boot_prop)

  # Allow profcollectd to publish a binder service and make binder calls.
  binder_use(profcollectd)
  add_service(profcollectd, profcollectd_service)
')