Diffstat (limited to 'lmkd.te')
-rw-r--r-- | lmkd.te | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/lmkd.te b/lmkd.te
deleted file mode 100644
index ee290a3..0000000
--- a/lmkd.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# lmkd low memory killer daemon
-type lmkd, domain, domain_deprecated, mlstrustedsubject;
-type lmkd_exec, exec_type, file_type;
-
-init_daemon_domain(lmkd)
-
-allow lmkd self:capability { dac_override sys_resource kill };
-
-# lmkd locks itself in memory, to prevent it from being
-# swapped out and unable to kill other memory hogs.
-# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
-# b/16236289
-allow lmkd self:capability ipc_lock;
-
-## Open and write to /proc/PID/oom_score_adj
-## TODO: maybe scope this down?
-r_dir_file(lmkd, appdomain)
-allow lmkd appdomain:file write;
-r_dir_file(lmkd, system_server)
-allow lmkd system_server:file write;
-
-## Writes to /sys/module/lowmemorykiller/parameters/minfree
-allow lmkd sysfs_lowmemorykiller:file w_file_perms;
-
-# Send kill signals
-allow lmkd appdomain:process sigkill;
-
-# Clean up old cgroups
-allow lmkd cgroup:dir { remove_name rmdir };
-
-# Set self to SCHED_FIFO
-allow lmkd self:capability sys_nice;
-
-### neverallow rules
-
-# never honor LD_PRELOAD
-neverallow * lmkd:process noatsecure; |