| # Domain type and executable (entrypoint) type for the mpdecision daemon. |
| # NOTE(review): in AOSP policy the mlstrustedsubject attribute exempts a |
| # domain from the MLS constraints; confirm mpdecision needs that exemption. |
| type mpdecision, domain, mlstrustedsubject; |
| type mpdecision_exec, exec_type, file_type; |
| |
| # Macro defined outside this file; in AOSP te_macros it sets up the automatic |
| # transition from init into mpdecision when mpdecision_exec is run - confirm. |
| init_daemon_domain(mpdecision) |
| |
| # Read/write access to files carrying these three sysfs labels. The labels |
| # are assigned outside this file; presumably they cover the CPU online and |
| # mpdecision control nodes - verify against file_contexts/genfs_contexts. |
| allow mpdecision { |
| sysfs_mpdecision |
| sysfs_devices_system_cpu |
| sysfs_cpu_online |
| }:file rw_file_perms; |
| |
| # Allow mpdecision to set CPU affinity. The target is the kernel domain, so |
| # setsched covers scheduling attributes of processes labelled kernel. |
| allow mpdecision kernel:process setsched; |
| |
| # Create and use the domain's own sockets of class |
| # netlink_kobject_uevent_socket and of the generic socket class. |
| # NOTE(review): the generic socket class is a catch-all for address families |
| # without a dedicated class; confirm which family needs it. |
| allow mpdecision self: { |
| netlink_kobject_uevent_socket |
| socket |
| } create_socket_perms; |
| |
| # Allow writes to /dev/cpu_dma_latency (assumes that node is labelled |
| # device_latency - confirm in file_contexts). |
| allow mpdecision device_latency:chr_file w_file_perms; |
| |
| # Read access to directories/files labelled sysfs_rqstats and sysfs_thermal |
| # (r_dir_file is a macro defined outside this file), plus write access to |
| # files of both types. |
| r_dir_file(mpdecision, sysfs_rqstats) |
| allow mpdecision sysfs_rqstats:file w_file_perms; |
| r_dir_file(mpdecision, sysfs_thermal) |
| # Grants the single write permission, not the w_file_perms set used above. |
| allow mpdecision sysfs_thermal:file write; |
| |
| # Policies for mpctl |
| # mpctl socket: capabilities held by the daemon, then the rules that let it |
| # manage entries in the mpctl_socket directory and create the socket file. |
| # NOTE(review): dac_override bypasses file-mode (DAC) permission checks and |
| # net_admin is wide-ranging; this file does not say which operation needs |
| # each capability - confirm and drop any that are unused. |
| allow mpdecision self:capability { net_admin chown dac_override fsetid sys_nice }; |
| allow mpdecision mpctl_socket:dir rw_dir_perms; |
| allow mpdecision mpctl_socket:sock_file create_file_perms; |
| |
| # NOTE(review): this grants write access to every file left on the default |
| # sysfs label, not only mpdecision's own nodes. A dedicated type, as with |
| # sysfs_mpdecision elsewhere in this file, would narrow it. |
| allow mpdecision sysfs:file w_file_perms; |
| |
| # default_values file: add/remove directory entries and create files of type |
| # mpctl_data_file. |
| allow mpdecision mpctl_data_file:dir rw_dir_perms; |
| allow mpdecision mpctl_data_file:file create_file_perms; |
| |
| # Allow polling of system_server status: read access to directories/files |
| # labelled system_server (presumably its /proc/<pid> entries - confirm). |
| r_dir_file(mpdecision, system_server) |
| |
| # Let mpdecision set properties: connect to the property socket served by |
| # init. The only property_service set rule in this file is for |
| # mpdecision_prop. |
| unix_socket_connect(mpdecision, property, init) |
| allow mpdecision mpdecision_prop:property_service set; |