From 0d1f7d29f72a80ecc6d135b2cbad17e6a53dfbec Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Tue, 9 May 2017 09:53:46 -0700
Subject: [PATCH] Grant CAP_SYS_NICE to processes that need it.

New binder kernel changes extend the areas where
binder will set real-time scheduling priorities
on threads; to make sure the driver can correctly
determine whether a process is allowed to run
at real-time priority or not, add the capability
to the services that need it.

Bug: 37293077
Test: processes run at real-time prio on incoming
      real-time binder calls.

Change-Id: Ia4b3e5ecb1f5e18e7272bdaaad5c31a856719633
---
 public/hal_bluetooth.te          | 3 +++
 public/hal_graphics_allocator.te | 3 +++
 public/hal_sensors.te            | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index c04cd0865..2394e2ebc 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -25,3 +25,6 @@ set_prop(hal_bluetooth, bluetooth_prop)
 
 # /proc access (bluesleep etc.).
 allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_bluetooth self:capability sys_nice;
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index 5f2f098ca..f56e8f6d7 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -8,3 +8,6 @@ allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_mana
 # GPU device access
 allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
 allow hal_graphics_allocator ion_device:chr_file r_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_graphics_allocator self:capability sys_nice;
diff --git a/public/hal_sensors.te b/public/hal_sensors.te
index 3cf3069ce..068c93b8c 100644
--- a/public/hal_sensors.te
+++ b/public/hal_sensors.te
@@ -10,3 +10,6 @@ allow hal_sensors { appdomain -isolated_app }:fd use;
 # Allow sensor hals to access ashmem memory allocated by android.hidl.allocator
 # fd is passed in from framework sensorservice HAL.
 allow hal_sensors hal_allocator:fd use;
+
+# allow to run with real-time scheduling policy
+allow hal_sensors self:capability sys_nice;
-- 
GitLab