type perfd, domain;
type perfd_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(perfd)

allow perfd cgroup:file r_file_perms;

allow perfd cameraserver:process signull;

# files in /data/misc/perfd and /data/system/perfd
typeattribute perfd data_between_core_and_vendor_violators;
allow perfd perfd_data_file:dir create_dir_perms;
allow perfd perfd_data_file:{ file sock_file } create_file_perms;

allow perfd proc_kernel_sched:file r_file_perms;

# read access /sys
r_dir_file(perfd, sysfs_type)
# normally write is not granted to the default "sysfs" label.
# In this case, perfd needs access to files in /sys that are
# commonly created and destroyed. When the kernel creates them,
# they are created with the default label "sysfs". For robustness,
# allow perfd to write to "sysfs" to ensure it can optimally
# tune the power/cpu settings.
allow perfd sysfs:file write;
allow perfd sysfs_perf:file write;
allow perfd sysfs_msm_subsys:file write;
allow perfd sysfs_devices_system_cpu:file write;
allow perfd sysfs_power_management:file write;

allow perfd proc_kernel_sched:file w_file_perms;
allow perfd gpu_device:chr_file rw_file_perms;

# perfd uses kill(pid, 0) to determine if a process exists.
# Determining if a process exists does not require the kill capability
# since a permission denied indicates the process exists.
dontaudit perfd self:capability kill;