| # profcollectd - hardware profile collection daemon |
| type profcollectd, domain, coredomain; |
| type profcollectd_exec, system_file_type, exec_type, file_type; |
| |
| userdebug_or_eng(` |
| init_daemon_domain(profcollectd) |
| |
| # profcollectd opens a file for writing in /data/misc/profcollectd. |
| allow profcollectd profcollectd_data_file:file create_file_perms; |
| allow profcollectd profcollectd_data_file:dir rw_dir_perms; |
| |
| # Allow profcollectd full use of perf_event_open(2), to enable system wide profiling. |
| allow profcollectd self:perf_event { cpu kernel open read write }; |
| |
| # Allow profcollectd to scan through /proc/pid for all processes. |
| r_dir_file(profcollectd, domain) |
| |
| # Allow profcollectd to read executable binaries. |
| allow profcollectd system_file_type:file r_file_perms; |
| allow profcollectd vendor_file_type:file r_file_perms; |
| |
| # Allow profcollectd to access tracefs. |
| allow profcollectd debugfs_tracing:dir r_dir_perms; |
| allow profcollectd debugfs_tracing:file rw_file_perms; |
| allow profcollectd debugfs_tracing_debug:dir r_dir_perms; |
| allow profcollectd debugfs_tracing_debug:file rw_file_perms; |
| |
| # Allow profcollectd to write to perf_event_paranoid under /proc. |
| allow profcollectd proc_perf:file write; |
| |
| # Allow profcollectd to access cs_etm sysfs. |
| r_dir_file(profcollectd, sysfs_devices_cs_etm) |
| |
| # Allow profcollectd to ptrace. |
| allow profcollectd self:global_capability_class_set sys_ptrace; |
| |
| # Allow profcollectd to read its system properties. |
| get_prop(profcollectd, device_config_profcollect_native_boot_prop) |
| |
| # Allow profcollectd to publish a binder service and make binder calls. |
| binder_use(profcollectd) |
| add_service(profcollectd, profcollectd_service) |
| ') |