Selinux: Allow lmkd write access to sys.lmk. properties

Allow lmkd write access to sys.lmk. properties to be able to set sys.lmk.minfree_levels. Bug: 111521182 Test: getprop sys.lmk.minfree_levels returns value set by lmkd Change-Id: I86ff11d75917966857d3a76876a56799bb92a5ad Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2018-07-24 17:04:18 -07:00 · 2018-07-24 17:04:18 -07:00 · c8ed855ede
commit c8ed855ede
parent 3dd465a097
6 changed files with 9 additions and 0 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -111,6 +111,7 @@
    storaged_data_file
    sysfs_fs_ext4_features
    system_boot_reason_prop
+    system_lmk_prop
    system_net_netd_hwservice
    system_update_service
    test_boot_reason_prop
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -97,6 +97,7 @@
    statsdw_socket
    storaged_data_file
    system_boot_reason_prop
+    system_lmk_prop
    system_update_service
    test_boot_reason_prop
    time_prop
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -11,6 +11,7 @@
    llkd_tmpfs
    mnt_product_file
    overlayfs_file
+    system_lmk_prop
    time_prop
    timedetector_service
    timezonedetector_service
--- a/private/property_contexts
+++ b/private/property_contexts
@ -73,6 +73,7 @@ sys.boot.reason         u:object_r:system_boot_reason_prop:s0
 sys.boot.reason.last    u:object_r:last_boot_reason_prop:s0
 pm.                     u:object_r:pm_prop:s0
 test.sys.boot.reason    u:object_r:test_boot_reason_prop:s0
+sys.lmk.                u:object_r:system_lmk_prop:s0

 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
--- a/public/lmkd.te
+++ b/public/lmkd.te
@ -35,6 +35,9 @@ allow lmkd self:global_capability_class_set sys_nice;

 allow lmkd proc_zoneinfo:file r_file_perms;

+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
 # live lock watchdog process allowed to look through /proc/
 allow lmkd domain:dir { search open read };
 allow lmkd domain:file { open read };
--- a/public/property.te
+++ b/public/property.te
@ -35,6 +35,7 @@ type fingerprint_prop, property_type, core_property_type;
 type firstboot_prop, property_type;
 type hwservicemanager_prop, property_type;
 type last_boot_reason_prop, property_type;
+type system_lmk_prop, property_type;
 type logd_prop, property_type, core_property_type;
 type logpersistd_logging_prop, property_type;
 type log_prop, property_type, log_property_type;
@ -381,6 +382,7 @@ compatible_property_only(`
    -firstboot_prop
    -hwservicemanager_prop
    -last_boot_reason_prop
+    -system_lmk_prop
    -log_prop
    -log_tag_prop
    -logd_prop