lmkd: allow lmkd to lock itself in memory

addresses the following denial:

  type=1400 audit(1.871:3): avc:  denied  { ipc_lock } for  pid=1406 comm="lmkd" capability=14  scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability

Bug: 16236289
Change-Id: Id9923c16c6db026dd5d28996126f503c5c1d7c87
This commit is contained in:
Nick Kralevich 2014-07-16 11:45:51 -07:00
parent 18a4108d14
commit 6a1405d745

View file

@ -6,6 +6,12 @@ init_daemon_domain(lmkd)
allow lmkd self:capability { dac_override sys_resource kill }; allow lmkd self:capability { dac_override sys_resource kill };
# lmkd locks itself in memory, to prevent it from being
# swapped out and unable to kill other memory hogs.
# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
# b/16236289
allow lmkd self:capability ipc_lock;
## Open and write to /proc/PID/oom_score_adj ## Open and write to /proc/PID/oom_score_adj
## TODO: maybe scope this down? ## TODO: maybe scope this down?
r_dir_file(lmkd, appdomain) r_dir_file(lmkd, appdomain)