Allow vold to change priority when benchmarking.

avc: denied { sys_nice } for capability=23 scontext=u:r:vold:s0 tcontext=u:r:vold:s0 tclass=capability permissive=0 Bug: 21711477 Change-Id: I78e7a6667e06a4b1a2b0c4d26ddae4797231e553
2015-06-11 13:00:30 -07:00 · 2015-06-11 13:00:30 -07:00 · 769b96f2e3
commit 769b96f2e3
parent d245789c34
1 changed files with 3 additions and 0 deletions
--- a/vold.te
+++ b/vold.te
@ -156,6 +156,9 @@ allow vold vold_data_file:file create_file_perms;
 allow vold init:key { write search setattr };
 allow vold vold:key { write search setattr };

+# vold temporarily changes its priority when running benchmarks
+allow vold self:capability sys_nice;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;