allow system_server to set kernel scheduling priority

Addresses the following denial:

avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

It's not clear why system_server is adjusting the scheduling priority
of kernel processes (ps -Z | grep kernel). For now, allow the operation,
although this is likely a kernel bug.

Maybe fix bug 18085992.

Bug: 18085992
Change-Id: Ic10a4da63a2c392d90084eb1106bc5b42f95b855
diff --git a/system_server.te b/system_server.te
index fcec400..5786c2e 100644
--- a/system_server.te
+++ b/system_server.te
@@ -76,6 +76,10 @@
# Kill apps.
allow system_server appdomain:process { sigkill signal };
+# This line seems suspect, as it should not really need to
+# set scheduling parameters for a kernel domain task.
+allow system_server kernel:process setsched;
+
# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };
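Review bot: The comment above `allow system_server kernel:process setsched;` flags the rule as suspect but gives no tracking reference and no removal condition, so nothing in system_server.te tells a later reader when it can be dropped. Cite bug 18085992 in the comment and state that the rule is a workaround to be reverted once the caller in system_server (or the kernel-side cause the commit message suspects) is identified. The rule also covers every task in the kernel domain, so the commit message or comment should record which thread the denial was hit against, which would make it possible to confirm later that the access is no longer needed. Unlike the neighbouring appdomain and mediaserver rules, only setsched is granted here and not getsched; that matches the logged denial and should stay as narrow as it is.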