blob: 80378d3ef58e85fee9e9a99a10b1533c0e0594cc [file] [log] [blame]
T.J. Mercier3cf9a7b2024-12-26 23:02:09 +00001# The memcgv2_activation_depth.sh script run by init.
2
3type memcgv2_activation_depth, domain, coredomain;
4type memcgv2_activation_depth_exec, system_file_type, exec_type, file_type;
5
6init_daemon_domain(memcgv2_activation_depth)
7
8# required permissions to run the script from init
9allow memcgv2_activation_depth shell_exec:file rx_file_perms;
10allow memcgv2_activation_depth system_file:file x_file_perms;
11allow memcgv2_activation_depth toolbox_exec:file rx_file_perms;
12
13# for system default max activation depth
14allow memcgv2_activation_depth cgroup_desc_file:file r_file_perms;
15
16# /metadata/libprocessgroup/*
17allow memcgv2_activation_depth libprocessgroup_metadata_file:dir rw_dir_perms;
18allow memcgv2_activation_depth libprocessgroup_metadata_file:file create_file_perms;
19
20# /sys/fs/cgroup/cgroup.controllers
21# /sys/fs/cgroup/**/cgroup.subtree_control
22allow memcgv2_activation_depth cgroup_v2:dir r_dir_perms;
23allow memcgv2_activation_depth cgroup_v2:file rw_file_perms;
24
25# For reboot, when reducing the depth override
26set_prop(memcgv2_activation_depth, powerctl_prop)