cpp/watchdog/sepolicy/private/carwatchdog.te - platform/packages/services/Car - Gitiles

 # Car watchdog server
 typeattribute carwatchdogd coredomain;
 typeattribute carwatchdogd mlstrustedsubject;

 type carwatchdogd_exec, exec_type, file_type, system_file_type;

 init_daemon_domain(carwatchdogd)
 add_service(carwatchdogd, carwatchdogd_service)
 binder_use(carwatchdogd)
 binder_service(carwatchdogd)

 # Configration to communicate with VHAL
 hwbinder_use(carwatchdogd)
 get_prop(carwatchdogd, hwservicemanager_prop)
 hal_client_domain(carwatchdogd, hal_vehicle)

 # Scan through /proc/pid for all processes
 r_dir_file(carwatchdogd, domain)

 # Read /proc/uid_io/stats
 allow carwatchdogd proc_uid_io_stats:file r_file_perms;

 # Read /proc/stat file
 allow carwatchdogd proc_stat:file r_file_perms;

 # Read /proc/diskstats file
 allow carwatchdogd proc_diskstats:file r_file_perms;

 # List HALs to get pid of vehicle HAL.
 allow carwatchdogd hwservicemanager:hwservice_manager list;
	# Car watchdog server
	typeattribute carwatchdogd coredomain;
	typeattribute carwatchdogd mlstrustedsubject;

	type carwatchdogd_exec, exec_type, file_type, system_file_type;

	init_daemon_domain(carwatchdogd)
	add_service(carwatchdogd, carwatchdogd_service)
	binder_use(carwatchdogd)
	binder_service(carwatchdogd)

	# Configration to communicate with VHAL
	hwbinder_use(carwatchdogd)
	get_prop(carwatchdogd, hwservicemanager_prop)
	hal_client_domain(carwatchdogd, hal_vehicle)

	# Scan through /proc/pid for all processes
	r_dir_file(carwatchdogd, domain)

	# Read /proc/uid_io/stats
	allow carwatchdogd proc_uid_io_stats:file r_file_perms;

	# Read /proc/stat file
	allow carwatchdogd proc_stat:file r_file_perms;

	# Read /proc/diskstats file
	allow carwatchdogd proc_diskstats:file r_file_perms;

	# List HALs to get pid of vehicle HAL.
	allow carwatchdogd hwservicemanager:hwservice_manager list;