Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 75806ef3c529c019ab002072cca7951b91f245aa^! / . / private / lmkd.te
commit75806ef3c529c019ab002072cca7951b91f245aa[log] [tgz]
authorInseob Kim <inseob@google.com>Wed Mar 27 17:18:41 2024 +0900
committerInseob Kim <inseob@google.com>Thu Mar 28 00:33:46 2024 +0000
treecbd0c46779774cd09f127c0e20144c39dff08dca
parente98c6d2b38114e0819a558ef5e0d2793a30eebff [diff] [blame]
Minimize public policy

Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12

diff --git a/private/lmkd.te b/private/lmkd.te
index 6a38c58..8d22552 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te

@@ -23,5 +23,73 @@
 allow lmkd fs_bpf_lmkd_memevents_rb:file { read write };
 allow lmkd fs_bpf_lmkd_memevents_prog:file read;
 
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
+
+# lmkd locks itself in memory, to prevent it from being
+# swapped out and unable to kill other memory hogs.
+# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
+# b/16236289
+allow lmkd self:global_capability_class_set ipc_lock;
+
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
+## TODO: maybe scope this down?
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
+
+## Writes to /sys/module/lowmemorykiller/parameters/minfree
+r_dir_file(lmkd, sysfs_lowmemorykiller)
+allow lmkd sysfs_lowmemorykiller:file w_file_perms;
+
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
+# TODO: delete this line b/131761776
+allow lmkd kernel:process { setsched };
+
+# Clean up old cgroups
+allow lmkd cgroup:dir { remove_name rmdir };
+allow lmkd cgroup_v2:dir { remove_name rmdir };
+
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+allow lmkd cgroup_v2:file r_file_perms;
+
+# Set self to SCHED_FIFO
+allow lmkd self:global_capability_class_set sys_nice;
+
+allow lmkd proc_zoneinfo:file r_file_perms;
+allow lmkd proc_vmstat:file r_file_perms;
+
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
+# Read /proc/lowmemorykiller
+allow lmkd proc_lowmemorykiller:file r_file_perms;
+
+# Read /proc/meminfo
+allow lmkd proc_meminfo:file r_file_perms;
+
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
+### neverallow rules
+
+# never honor LD_PRELOAD
+neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
 neverallow { domain -init -lmkd -vendor_init } lmkd_prop:property_service set;
 neverallow lmkd self:perf_event ~{ cpu kernel open write };