PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

allow system_server to set kernel scheduling priority

Browse Source 
Addresses the following denial:

  avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

It's not clear why system_server is adjusting the scheduling priority
of kernel processes (ps -Z | grep kernel). For now, allow the operation,
although this is likely a kernel bug.

Maybe fix bug 18085992.

Bug: 18085992
Change-Id: Ic10a4da63a2c392d90084eb1106bc5b42f95b855
This commit is contained in:
Nick Kralevich 2014-10-24 14:25:49 -07:00
parent 683ac49d9d
commit 2d1650f407
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
system_server.te
View File

@ -76,6 +76,10 @@ allow system_server self:netlink_route_socket nlmsg_write;
# Kill apps.
allow system_server appdomain:process { sigkill signal };
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
allow system_server kernel:process setsched;
# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };