allow insmod to set nice and scheduler am: af8c56b929 am: 4548fd7fc2 Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/12172822 Change-Id: I497545e8c7f0a05dea10f1ccce7be1d46cc70951

commit: d78a4cb773f9567d2f05fb2fafee5173a3ebf6d7 [log] [tgz]
author: Tim Murray <timmurray@google.com> Mon Jul 20 16:38:04 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jul 20 16:38:04 2020 +0000
tree: f11ac04dcb0d9882350f7d55074b8f812ade0bfd
parent: 15025905a79bc2a91956afdcebb7c1ca56e06d75 [diff]
parent: 4548fd7fc207e178a4db9ee3420507a0e861defc [diff]
diff --git a/common/init-insmod-sh.te b/common/init-insmod-sh.te
index de1d408..16bc87c 100644
--- a/common/init-insmod-sh.te
+++ b/common/init-insmod-sh.te

@@ -8,6 +8,10 @@
 allow init-insmod-sh vendor_kernel_modules:system module_load;
 allow init-insmod-sh kernel:key search;
 
+# modprobe needs sys_nice and setsched for driver threads
+allow init-insmod-sh self:capability sys_nice;
+allow init-insmod-sh kernel:process setsched;
+
 # modprobe need proc_modules
 allow init-insmod-sh proc_modules:file r_file_perms;
commit	d78a4cb773f9567d2f05fb2fafee5173a3ebf6d7	[log] [tgz]
author	Tim Murray <timmurray@google.com>	Mon Jul 20 16:38:04 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jul 20 16:38:04 2020 +0000
tree	f11ac04dcb0d9882350f7d55074b8f812ade0bfd
parent	15025905a79bc2a91956afdcebb7c1ca56e06d75 [diff]
parent	4548fd7fc207e178a4db9ee3420507a0e861defc [diff]