From d583e5966ef1d13b6688ac3fd0e8ac402549bd52 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Thu, 1 Feb 2018 09:35:14 -0800
Subject: [PATCH] lmkd: add live-lock killer daemon

llkd needs the ability to forcibly crash the kernel if cause is unlikely to result in an orderly shutdown. It also needs to scan /proc/<pid> for additional process information.

Test: lmkd_unit_test --gtest_filter=llkd.*
Bug: 33808187
Change-Id: I7f158a13814e79d5ec71fe90dbc7461abb521945
---
 public/lmkd.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/public/lmkd.te b/public/lmkd.te
index f43e42a2e..5b6a7084b 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -35,6 +35,14 @@ allow lmkd self:global_capability_class_set sys_nice;
 
 allow lmkd proc_zoneinfo:file r_file_perms;
 
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
 ### neverallow rules
 
 # never honor LD_PRELOAD
-- 
GitLab
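Review bot: All three added rules are granted to the existing `lmkd` domain, so the low-memory killer itself gains read access to every domain's /proc/<pid> entries and write access to sysrq, although the comments attribute the need to the live-lock watchdog. If the watchdog can run as its own process, a dedicated domain holding these rules would keep the kernel-crash capability out of lmkd. If it has to share the domain, the comment above the sysrq rule should say so, e.g. `# llkd shares lmkd's domain; sysrq is written only on the live-lock crash path`. `rw_file_perms` on `proc_sysrq` also grants read, which the stated use (dump trace, reboot) may not need, so `allow lmkd proc_sysrq:file w_file_perms;` looks sufficient, to be confirmed against the daemon's code.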