From 2b392fccf35c790bdc55bdce51a196f4953644ce Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 5 Dec 2013 16:55:34 -0800
Subject: [PATCH] Move lmkd into it's own domain.

lmkd low memory killer daemon

The kernel low memory killer logic has been moved to a new daemon
called lmkd.  ActivityManager communicates with this daemon over a
named socket.

This is just a placeholder policy, starting off in unconfined_domain.

Change-Id: Ia3f9a18432c2ae37d4f5526850e11432fd633e10
---
 file.te          | 1 +
 file_contexts    | 2 ++
 lmkd.te          | 7 +++++++
 system_server.te | 1 +
 4 files changed, 11 insertions(+)
 create mode 100644 lmkd.te

diff --git a/file.te b/file.te
index 39d139c40..ed56ec9a9 100644
--- a/file.te
+++ b/file.te
@@ -101,6 +101,7 @@ type dnsproxyd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type keystore_socket, file_type;
+type lmkd_socket, file_type;
 type mdns_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 2907183e2..5c2554526 100644
--- a/file_contexts
+++ b/file_contexts
@@ -80,6 +80,7 @@
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/keystore	u:object_r:keystore_socket:s0
+/dev/socket/lmkd        u:object_r:lmkd_socket:s0
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/netd	u:object_r:netd_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
@@ -142,6 +143,7 @@
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
+/system/bin/lmkd        u:object_r:lmkd_exec:s0
 #############################
 # Vendor files
 #
diff --git a/lmkd.te b/lmkd.te
new file mode 100644
index 000000000..9af658f18
--- /dev/null
+++ b/lmkd.te
@@ -0,0 +1,7 @@
+# lmkd low memory killer daemon
+type lmkd, domain;
+type lmkd_exec, exec_type, file_type;
+
+init_daemon_domain(lmkd)
+
+unconfined_domain(lmkd);
diff --git a/system_server.te b/system_server.te
index 25ce2a4c5..f603ea310 100644
--- a/system_server.te
+++ b/system_server.te
@@ -73,6 +73,7 @@ allow system_server init:process sigchld;
 unix_socket_connect(system_server, property, init)
 unix_socket_connect(system_server, qemud, qemud)
 unix_socket_connect(system_server, installd, installd)
+unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, netd, netd)
 unix_socket_connect(system_server, vold, vold)
 unix_socket_connect(system_server, zygote, zygote)
-- 
GitLab