From 030a7ef69cc0827b587c26d13142e032676563a4 Mon Sep 17 00:00:00 2001
From: Corey Tabaka <eieio@google.com>
Date: Wed, 16 Aug 2017 15:02:11 -0700
Subject: [PATCH] Enable performanced to talk to the permission service.

Performanced needs to talk to the permission service to verify
permissions of clients to access certain restricted scheduler
policies.

Bug: 64337476
Test: performance_service_tests passes; logs do not contain avc
      denials for performanced -> permission service.

Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9
---
 public/performanced.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/performanced.te b/public/performanced.te
index 3d3fadb39..9bf813e1a 100644
--- a/public/performanced.te
+++ b/public/performanced.te
@@ -2,6 +2,11 @@
 type performanced, domain, mlstrustedsubject;
 type performanced_exec, exec_type, file_type;
 
+# Needed to check for app permissions.
+binder_use(performanced)
+binder_call(performanced, system_server)
+allow performanced permission_service:service_manager find;
+
 pdx_server(performanced, performance_client)
 
 # TODO: use file caps to obtain sys_nice instead of setuid / setgid.
-- 
GitLab