allow insmod to set nice and scheduler am: af8c56b929 am: b991bb0354 am: d999e7ed10 Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/12172822 Change-Id: Iabcdec93c01b713fcf991652f9f87feaa5a3f05b

commit: b8574d2ad148edb53e6f203d4bb0106349c2a202 [log] [tgz]
author: Tim Murray <timmurray@google.com> Mon Jul 20 16:52:05 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jul 20 16:52:05 2020 +0000
tree: 52fd3491b6caf072950b362becd08033e965dd44
parent: a3e8be335aca515541ec2cebea33719409a4bf05 [diff]
parent: d999e7ed102b05e5fa44ccc2ceece7e512daec15 [diff]
diff --git a/common/init-insmod-sh.te b/common/init-insmod-sh.te
index de1d408..16bc87c 100644
--- a/common/init-insmod-sh.te
+++ b/common/init-insmod-sh.te

@@ -8,6 +8,10 @@
 allow init-insmod-sh vendor_kernel_modules:system module_load;
 allow init-insmod-sh kernel:key search;
 
+# modprobe needs sys_nice and setsched for driver threads
+allow init-insmod-sh self:capability sys_nice;
+allow init-insmod-sh kernel:process setsched;
+
 # modprobe need proc_modules
 allow init-insmod-sh proc_modules:file r_file_perms;
commit	b8574d2ad148edb53e6f203d4bb0106349c2a202	[log] [tgz]
author	Tim Murray <timmurray@google.com>	Mon Jul 20 16:52:05 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jul 20 16:52:05 2020 +0000
tree	52fd3491b6caf072950b362becd08033e965dd44
parent	a3e8be335aca515541ec2cebea33719409a4bf05 [diff]
parent	d999e7ed102b05e5fa44ccc2ceece7e512daec15 [diff]