c56805614c
This set of rules is neeeded to allow vr_windows_manager to run successfully on the system. Bug: 32541196 Test: `m -j32` succeeds. Sailfish device boots. Change-Id: I0aec94d80f655a6f47691cf2622dd158ce9e475f
18 lines
774 B
Text
18 lines
774 B
Text
# performanced
|
|
type performanced, domain, mlstrustedsubject;
|
|
type performanced_exec, exec_type, file_type;
|
|
|
|
pdx_server(performanced)
|
|
|
|
# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
|
|
allow performanced self:capability { setuid setgid sys_nice };
|
|
|
|
# Access /proc to validate we're only affecting threads in the same thread group.
|
|
# Performanced also shields unbound kernel threads. It scans every task in the
|
|
# root cpu set, but only affects the kernel threads.
|
|
r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger vr_wm })
|
|
dontaudit performanced domain:dir read;
|
|
allow performanced { appdomain bufferhubd kernel sensord surfaceflinger vr_wm }:process setsched;
|
|
|
|
# Access /dev/cpuset/cpuset.cpus
|
|
r_dir_file(performanced, cgroup)
|