lmkd: allow lmkd to lock itself in memory
addresses the following denial:
type=1400 audit(1.871:3): avc: denied { ipc_lock } for pid=1406 comm="lmkd" capability=14 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability
Bug: 16236289
Change-Id: Id9923c16c6db026dd5d28996126f503c5c1d7c87
This commit is contained in:
Nick Kralevich
parent
18a4108d14
commit
6a1405d745
1 changed files with 6 additions and 0 deletions
6
lmkd.te
6
lmkd.te
|
|
@ -6,6 +6,12 @@ init_daemon_domain(lmkd)
|
||||||
|
|
||||||
allow lmkd self:capability { dac_override sys_resource kill };
|
allow lmkd self:capability { dac_override sys_resource kill };
|
||||||
|
|
||||||
|
# lmkd locks itself in memory, to prevent it from being
|
||||||
|
# swapped out and unable to kill other memory hogs.
|
||||||
|
# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
|
||||||
|
# b/16236289
|
||||||
|
allow lmkd self:capability ipc_lock;
|
||||||
|
|
||||||
## Open and write to /proc/PID/oom_score_adj
|
## Open and write to /proc/PID/oom_score_adj
|
||||||
## TODO: maybe scope this down?
|
## TODO: maybe scope this down?
|
||||||
r_dir_file(lmkd, appdomain)
|
r_dir_file(lmkd, appdomain)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue