aboutsummaryrefslogtreecommitdiff
path: root/lmkd.te
diff options
context:
space:
mode:
Diffstat (limited to 'lmkd.te')
-rw-r--r--lmkd.te37
1 files changed, 0 insertions, 37 deletions
diff --git a/lmkd.te b/lmkd.te
deleted file mode 100644
index ee290a3..0000000
--- a/lmkd.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# lmkd low memory killer daemon
-type lmkd, domain, domain_deprecated, mlstrustedsubject;
-type lmkd_exec, exec_type, file_type;
-
-init_daemon_domain(lmkd)
-
-allow lmkd self:capability { dac_override sys_resource kill };
-
-# lmkd locks itself in memory, to prevent it from being
-# swapped out and unable to kill other memory hogs.
-# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
-# b/16236289
-allow lmkd self:capability ipc_lock;
-
-## Open and write to /proc/PID/oom_score_adj
-## TODO: maybe scope this down?
-r_dir_file(lmkd, appdomain)
-allow lmkd appdomain:file write;
-r_dir_file(lmkd, system_server)
-allow lmkd system_server:file write;
-
-## Writes to /sys/module/lowmemorykiller/parameters/minfree
-allow lmkd sysfs_lowmemorykiller:file w_file_perms;
-
-# Send kill signals
-allow lmkd appdomain:process sigkill;
-
-# Clean up old cgroups
-allow lmkd cgroup:dir { remove_name rmdir };
-
-# Set self to SCHED_FIFO
-allow lmkd self:capability sys_nice;
-
-### neverallow rules
-
-# never honor LD_PRELOAD
-neverallow * lmkd:process noatsecure;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 09:24:57 +0000