lmkd: add live-lock killer daemon llkd needs the ability to forcibly crash the kernel if cause is unlikely to result in an orderly shutdown. It also needs to scan /proc/<pid> for additional process information. Test: lmkd_unit_test --gtest_filter=llkd.* Bug: 33808187 Change-Id: I7f158a13814e79d5ec71fe90dbc7461abb521945

commit: d583e5966ef1d13b6688ac3fd0e8ac402549bd52 [log] [tgz]
author: Mark Salyzyn <salyzyn@google.com> Thu Feb 01 09:35:14 2018 -0800
committer: Mark Salyzyn <salyzyn@google.com> Mon Feb 05 12:12:51 2018 -0800
tree: 9868edfd00e66d39303e25c23366824df8421369
parent: 4c19b3d1d67ce3b5a4a20408dcf1779250ba860c [diff]
diff --git a/public/lmkd.te b/public/lmkd.te
index f43e42a..5b6a708 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te

@@ -35,6 +35,14 @@
 
 allow lmkd proc_zoneinfo:file r_file_perms;
 
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
 ### neverallow rules
 
 # never honor LD_PRELOAD
commit	d583e5966ef1d13b6688ac3fd0e8ac402549bd52	[log] [tgz]
author	Mark Salyzyn <salyzyn@google.com>	Thu Feb 01 09:35:14 2018 -0800
committer	Mark Salyzyn <salyzyn@google.com>	Mon Feb 05 12:12:51 2018 -0800
tree	9868edfd00e66d39303e25c23366824df8421369
parent	4c19b3d1d67ce3b5a4a20408dcf1779250ba860c [diff]