platform_system_sepolicy/private/rss_hwm_reset.te

type rss_hwm_reset_exec, system_file_type, exec_type, file_type;

# Start rss_hwm_reset from init.
init_daemon_domain(rss_hwm_reset)

# Search /proc/pid directories.
allow rss_hwm_reset domain:dir search;

# Write to /proc/pid/clear_refs of other processes.
# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
allow rss_hwm_reset self:global_capability_class_set { dac_override };

# Write to /prc/pid/clear_refs.
allow rss_hwm_reset domain:file w_file_perms;
SELinux policy for rss_hwm_reset rss_hwm_reset is binary that reset RSS high-water mark counters for all currently running processes. It runs in a separate process because it needs dac_override capability. Bug: 119603799 Test: no errors in logcat Change-Id: I6221a5eca3427bf532830575d8fba98eb3e65c29 2018-11-15 14:04:13 +01:00			`type rss_hwm_reset_exec, system_file_type, exec_type, file_type;`

			`# Start rss_hwm_reset from init.`
			`init_daemon_domain(rss_hwm_reset)`

			`# Search /proc/pid directories.`
			`allow rss_hwm_reset domain:dir search;`

			`# Write to /proc/pid/clear_refs of other processes.`
			`# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c`
			`allow rss_hwm_reset self:global_capability_class_set { dac_override };`

			`# Write to /prc/pid/clear_refs.`
			`allow rss_hwm_reset domain:file w_file_perms;`