Acasă Explorează Ajutor
Înregistrare Autentificare
drachfly
/
android10
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Ramură: master
Ramuri Etichete
android10
/
system
/
sepolicy
/
public
/
performanced.te

performanced.te 1.2 KB
Permalink Istoric Crud

123456789101112131415161718192021222324252627282930 
  1. # performanced
    2. 

  2. type performanced, domain, mlstrustedsubject;
    3. 

  3. type performanced_exec, system_file_type, exec_type, file_type;
    4. 

  4. 

  5. # Needed to check for app permissions.
    6. 

  6. binder_use(performanced)
    7. 

  7. binder_call(performanced, system_server)
    8. 

  8. allow performanced permission_service:service_manager find;
    9. 

  9. 

  10. pdx_server(performanced, performance_client)
    11. 

  11. 

  12. # TODO: use file caps to obtain sys_nice instead of setuid / setgid.
    13. 

  13. allow performanced self:global_capability_class_set { setuid setgid sys_nice };
    14. 

  14. 

  15. # Access /proc to validate we're only affecting threads in the same thread group.
    16. 

  16. # Performanced also shields unbound kernel threads.  It scans every task in the
    17. 

  17. # root cpu set, but only affects the kernel threads.
    18. 

  18. r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
    19. 

  19. dontaudit performanced domain:dir read;
    20. 

  20. allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
    21. 

  21. 

  22. # These /proc accesses only show up in permissive mode but they
    23. 

  23. # generate a lot of noise in the log.
    24. 

  24. userdebug_or_eng(`
    25. 

  25.   dontaudit performanced domain:dir open;
    26. 

  26.   dontaudit performanced domain:file { open read getattr };
    27. 

  27. ')
    28. 

  28. 

  29. # Access /dev/cpuset/cpuset.cpus
    30. 

  30. r_dir_file(performanced, cgroup)
    31.