Grant CAP_SYS_NICE to processes that need it.
New binder kernel changes extend the areas where
binder will set real-time scheduling priorities
on threads; to make sure the driver can correctly
determine whether a process is allowed to run
at real-time priority or not, add the capability
to the services that need it.
Bug: 37293077
Test: processes run at real-time prio on incoming
real-time binder calls.
Change-Id: Ia4b3e5ecb1f5e18e7272bdaaad5c31a856719633
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index c04cd08..2394e2e 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -25,3 +25,6 @@
# /proc access (bluesleep etc.).
allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_bluetooth self:capability sys_nice;
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index 5f2f098..f56e8f6 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -8,3 +8,6 @@
# GPU device access
allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_graphics_allocator self:capability sys_nice;
diff --git a/public/hal_sensors.te b/public/hal_sensors.te
index 3cf3069..068c93b 100644
--- a/public/hal_sensors.te
+++ b/public/hal_sensors.te
@@ -10,3 +10,6 @@
# Allow sensor hals to access ashmem memory allocated by android.hidl.allocator
# fd is passed in from framework sensorservice HAL.
allow hal_sensors hal_allocator:fd use;
+
+# allow to run with real-time scheduling policy
+allow hal_sensors self:capability sys_nice;