Minimize public policy
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
diff --git a/private/performanced.te b/private/performanced.te
index 792826e..98107ca 100644
--- a/private/performanced.te
+++ b/private/performanced.te
@@ -1,3 +1,31 @@
typeattribute performanced coredomain;
init_daemon_domain(performanced)
+
+# Needed to check for app permissions.
+binder_use(performanced)
+binder_call(performanced, system_server)
+allow performanced permission_service:service_manager find;
+
+pdx_server(performanced, performance_client)
+
+# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
+allow performanced self:global_capability_class_set { setuid setgid sys_nice };
+
+# Access /proc to validate we're only affecting threads in the same thread group.
+# Performanced also shields unbound kernel threads. It scans every task in the
+# root cpu set, but only affects the kernel threads.
+r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
+dontaudit performanced domain:dir read;
+allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
+
+# These /proc accesses only show up in permissive mode but they
+# generate a lot of noise in the log.
+userdebug_or_eng(`
+ dontaudit performanced domain:dir open;
+ dontaudit performanced domain:file { open read getattr };
+')
+
+# Access /dev/cpuset/cpuset.cpus
+r_dir_file(performanced, cgroup)
+r_dir_file(performanced, cgroup_v2)