From 24be391681aaebfe7aceca748bbf5d84774cae2f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 27 Feb 2014 15:38:45 -0800
Subject: [PATCH] Give lmkd kill capability

lmkd needs the capability to kill processes.

Addresses the following denial:

<5>[12619.064604] type=1400 audit(1393540506.745:2565): avc:  denied  { kill } for  pid=116 comm="lmkd" capability=5  scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability

Addresses the following errors:

02-27 13:13:50.995   116   116 I lowmemorykiller: Killing 'com.google.android.deskclock' (7133), adj 15
02-27 13:13:50.995   116   116 I lowmemorykiller:    to free 33836kB because cache 118512kB is below limit 122880kB for oom_adj 15
02-27 13:13:50.995   116   116 I lowmemorykiller:    Free memory is -28472kB below reserved
02-27 13:13:50.995   116   116 E lowmemorykiller: kill(7133): errno=1

Change-Id: I7cca238610307aba9d77aa2e52a32ebd6aec3f3c
---
 lmkd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lmkd.te b/lmkd.te
index 8643d9115..a8b52c34b 100644
--- a/lmkd.te
+++ b/lmkd.te
@@ -4,7 +4,7 @@ type lmkd_exec, exec_type, file_type;
 
 init_daemon_domain(lmkd)
 
-allow lmkd self:capability { dac_override sys_resource };
+allow lmkd self:capability { dac_override sys_resource kill };
 
 ## Open and write to /proc/PID/oom_score_adj
 ## TODO: maybe scope this down?