44 lines
1.2 KiB
Text
44 lines
1.2 KiB
Text
type mpdecision, domain, domain_deprecated, mlstrustedsubject;
|
|
type mpdecision_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(mpdecision)
|
|
|
|
allow mpdecision {
|
|
sysfs_mpdecision
|
|
sysfs_devices_system_cpu
|
|
sysfs_cpu_online
|
|
}:file rw_file_perms;
|
|
|
|
#Allow mpdecision set cpu affinity
|
|
allow mpdecision kernel:process setsched;
|
|
|
|
#Allow writes to /dev/cpu_dma_latency
|
|
allow mpdecision self: {
|
|
netlink_kobject_uevent_socket
|
|
socket
|
|
} create_socket_perms;
|
|
|
|
allow mpdecision device_latency:chr_file w_file_perms;
|
|
|
|
r_dir_file(mpdecision, sysfs_rqstats)
|
|
allow mpdecision sysfs_rqstats:file w_file_perms;
|
|
r_dir_file(mpdecision, sysfs_thermal)
|
|
allow mpdecision sysfs_thermal:file write;
|
|
|
|
#policies for mpctl
|
|
#mpctl socket
|
|
allow mpdecision self:capability { net_admin chown dac_override fsetid sys_nice };
|
|
allow mpdecision mpctl_socket:dir rw_dir_perms;
|
|
allow mpdecision mpctl_socket:sock_file create_file_perms;
|
|
|
|
allow mpdecision sysfs:file w_file_perms;
|
|
|
|
#default_values file
|
|
allow mpdecision mpctl_data_file:dir rw_dir_perms;
|
|
allow mpdecision mpctl_data_file:file create_file_perms;
|
|
|
|
#allow poll of system_server status
|
|
r_dir_file(mpdecision, system_server)
|
|
|
|
#mpdecision set properties
|
|
set_prop(mpdecision, mpdecision_prop)
|