lmkd: allow lmkd to lock itself in memory

addresses the following denial: type=1400 audit(1.871:3): avc: denied { ipc_lock } for pid=1406 comm="lmkd" capability=14 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability Bug: 16236289 Change-Id: Id9923c16c6db026dd5d28996126f503c5c1d7c87
2014-07-16 11:45:51 -07:00 · 2014-07-16 11:45:51 -07:00 · 6a1405d745
commit 6a1405d745
parent 18a4108d14
1 changed files with 6 additions and 0 deletions
--- a/lmkd.te
+++ b/lmkd.te
@ -6,6 +6,12 @@ init_daemon_domain(lmkd)

 allow lmkd self:capability { dac_override sys_resource kill };

+# lmkd locks itself in memory, to prevent it from being
+# swapped out and unable to kill other memory hogs.
+# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
+# b/16236289
+allow lmkd self:capability ipc_lock;
+
 ## Open and write to /proc/PID/oom_score_adj
 ## TODO: maybe scope this down?
 r_dir_file(lmkd, appdomain)