From 13e44ec74d326463213c4c01963c776a699467cb Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 19 Dec 2013 10:53:36 -0800
Subject: [PATCH] allow system_server block_suspend

I'm only seeing this denial on one device (manta), but it feels like
it should be part of the generic policy. I don't understand
why it's happening on only one device.

Addresses the following denial:

14.711671   type=1400 audit(1387474628.570:6): avc:  denied  { block_suspend } for  pid=533 comm="InputReader" capability=36  scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability2

Change-Id: If4b28b6f42ca92c0e2cacfad75c8cbe023b0fa47
---
 system_server.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/system_server.te b/system_server.te
index 0b1ec45b7..69e9cb082 100644
--- a/system_server.te
+++ b/system_server.te
@@ -37,6 +37,8 @@ allow system_server self:capability {
     sys_tty_config
 };
 
+allow system_server self:capability2 block_suspend;
+
 # Triggered by /proc/pid accesses, not allowed.
 dontaudit system_server self:capability sys_ptrace;
 
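Review bot: The added `allow system_server self:capability2 block_suspend;` has no comment saying what needs it, whereas the `dontaudit` rule just below documents its trigger. The only evidence is the denial quoted in the commit message (comm="InputReader", capability=36, i.e. CAP_BLOCK_SUSPEND), and the message says the cause is not understood. The rule should record that, for example `# InputReader thread needs CAP_BLOCK_SUSPEND (denial seen on manta); possibly epoll EPOLLWAKEUP - root cause unconfirmed.` The grant applies to every thread in the system_server domain on every device that uses this generic policy, so the requesting code path should be confirmed before this is treated as settled.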
-- 
GitLab