Revert "allow system_server to set kernel scheduling priority"

Periodically, SELinux denials of the form: type=1400 audit(0.0:8574): avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0 are being generated. These denials come from system_server and other processes. There's no reason why system_server should be calling sched_setscheduler() on a kernel thread. Current belief is that these SELinux denials are a bug in the kernel, and are being inappropriately triggered. Revert 2d1650f4. The original reason for accepting this change was to see if it would fix bug 18085992. Unfortunately, even after the commit, the bug was still present. The change had no impact on the bug. Don't inappropriately grant system_server the ability to minipulate the scheduling priority of kernel threads. This reverts commit 2d1650f4. Change-Id: I59bdf26ad247a02b741af2fa58a18e7e83ef44d8

Revert "allow system_server to set kernel scheduling priority"
cd14eb44 · Nick Kralevich · 2e0cd5ad · cd14eb44
Commit cd14eb44 authored 10 years ago by Nick Kralevich
--- a/system_server.te
+++ b/system_server.te
@@ -75,10 +75,6 @@ allow system_server self:netlink_route_socket nlmsg_write;
 # Kill apps.
 allow system_server appdomain:process { sigkill signal };

-# This line seems suspect, as it should not really need to
-# set scheduling parameters for a kernel domain task.
-allow system_server kernel:process setsched;
-
 # Set scheduling info for apps.
 allow system_server appdomain:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };