platform_system_sepolicy/private/rss_hwm_reset.te
Rafal Slawik 4e1c5764b5 SELinux policy for rss_hwm_reset
rss_hwm_reset is binary that reset RSS high-water mark counters for all
currently running processes. It runs in a separate process because it
needs dac_override capability.

Bug: 119603799
Test: no errors in logcat
Change-Id: I6221a5eca3427bf532830575d8fba98eb3e65c29
2018-12-15 10:13:03 +00:00

14 lines
464 B
Text

type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
# Start rss_hwm_reset from init.
init_daemon_domain(rss_hwm_reset)
# Search /proc/pid directories.
allow rss_hwm_reset domain:dir search;
# Write to /proc/pid/clear_refs of other processes.
# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
allow rss_hwm_reset self:global_capability_class_set { dac_override };
# Write to /prc/pid/clear_refs.
allow rss_hwm_reset domain:file w_file_perms;