| # Car watchdog server. |
| typeattribute carwatchdogd coredomain; |
| typeattribute carwatchdogd mlstrustedsubject; |
| |
| type carwatchdogd_exec, exec_type, file_type, system_file_type; |
| |
| init_daemon_domain(carwatchdogd) |
| add_service(carwatchdogd, carwatchdogd_service) |
| binder_use(carwatchdogd) |
| binder_service(carwatchdogd) |
| |
| # Configration to communicate with VHAL. |
| hwbinder_use(carwatchdogd) |
| get_prop(carwatchdogd, hwservicemanager_prop) |
| hal_client_domain(carwatchdogd, hal_vehicle) |
| |
| # Scan through /proc/pid for all processes. |
| r_dir_file(carwatchdogd, domain) |
| |
| # Read /proc/uid_io/stats. |
| allow carwatchdogd proc_uid_io_stats:file r_file_perms; |
| |
| # Read /proc/stat file. |
| allow carwatchdogd proc_stat:file r_file_perms; |
| |
| # Read /proc/diskstats file. |
| allow carwatchdogd proc_diskstats:file r_file_perms; |
| |
| # List HALs to get pid of vehicle HAL. |
| allow carwatchdogd hwservicemanager:hwservice_manager list; |
| |
| # R/W /data/system/car for resource overuse configurations. |
| allow carwatchdogd system_car_data_file:dir create_dir_perms; |
| allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms; |