From 1c73a5cd9259f7ccc01d5a31a319ed24cc565ee8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 19 Feb 2014 11:36:26 -0800
Subject: [PATCH] lmkd: add sys_resource

Addresses the following denial / error:

E/lowmemorykiller(  187): Error writing /proc/1148/oom_adj; errno=13

[  118.264668] type=1400 audit(947231128.209:140): avc:  denied { sys_resource } for  pid=187 comm="lmkd" capability=24 scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability

Change-Id: Ief2a7ead9cdd8a33e3add111ee99f7a29c12a3f2
---
 lmkd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lmkd.te b/lmkd.te
index 2d09ce530..8643d9115 100644
--- a/lmkd.te
+++ b/lmkd.te
@@ -4,7 +4,7 @@ type lmkd_exec, exec_type, file_type;
 
 init_daemon_domain(lmkd)
 
-allow lmkd self:capability dac_override;
+allow lmkd self:capability { dac_override sys_resource };
 
 ## Open and write to /proc/PID/oom_score_adj
 ## TODO: maybe scope this down?
-- 
GitLab