allow insmod to set nice and scheduler am: af8c56b929 am: b991bb0354 Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/12172822 Change-Id: If97c9b0d2a9fbe8e4ef4fcdd9202b5a4c1ebc499

commit: d999e7ed102b05e5fa44ccc2ceece7e512daec15 [log] [tgz]
author: Tim Murray <timmurray@google.com> Mon Jul 20 16:37:56 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jul 20 16:37:56 2020 +0000
tree: f11ac04dcb0d9882350f7d55074b8f812ade0bfd
parent: 15025905a79bc2a91956afdcebb7c1ca56e06d75 [diff]
parent: b991bb03548dd7addea880a910823ea700d79066 [diff]
diff --git a/common/init-insmod-sh.te b/common/init-insmod-sh.te
index de1d408..16bc87c 100644
--- a/common/init-insmod-sh.te
+++ b/common/init-insmod-sh.te

@@ -8,6 +8,10 @@
 allow init-insmod-sh vendor_kernel_modules:system module_load;
 allow init-insmod-sh kernel:key search;
 
+# modprobe needs sys_nice and setsched for driver threads
+allow init-insmod-sh self:capability sys_nice;
+allow init-insmod-sh kernel:process setsched;
+
 # modprobe need proc_modules
 allow init-insmod-sh proc_modules:file r_file_perms;
commit	d999e7ed102b05e5fa44ccc2ceece7e512daec15	[log] [tgz]
author	Tim Murray <timmurray@google.com>	Mon Jul 20 16:37:56 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jul 20 16:37:56 2020 +0000
tree	f11ac04dcb0d9882350f7d55074b8f812ade0bfd
parent	15025905a79bc2a91956afdcebb7c1ca56e06d75 [diff]
parent	b991bb03548dd7addea880a910823ea700d79066 [diff]