Skip to content
Snippets Groups Projects
Commit 2d1650f4 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

allow system_server to set kernel scheduling priority 

Addresses the following denial:

  avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

It's not clear why system_server is adjusting the scheduling priority
of kernel processes (ps -Z | grep kernel). For now, allow the operation,
although this is likely a kernel bug.

Maybe fix bug 18085992.

Bug: 18085992
Change-Id: Ic10a4da63a2c392d90084eb1106bc5b42f95b855
parent 683ac49d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
system_server.te
+ 4
0
View file @ 2d1650f4
...@@ -76,6 +76,10 @@ allow system_server self:netlink_route_socket nlmsg_write; ...@@ -76,6 +76,10 @@ allow system_server self:netlink_route_socket nlmsg_write;
# Kill apps. # Kill apps.
allow system_server appdomain:process { sigkill signal }; allow system_server appdomain:process { sigkill signal };
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
allow system_server kernel:process setsched;
# Set scheduling info for apps. # Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched }; allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched }; allow system_server mediaserver:process { getsched setsched };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment