From 23a52e6b3028c89727b4fb60704401ed863641cd Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 4 Mar 2014 17:15:13 -0800
Subject: [PATCH] allow lmkd to kill processes.

The previous patch wasn't sufficient. Allow the kill signal.

Addresses the following denial:

<5>[  775.819223] type=1400 audit(1393978653.489:18): avc:  denied  { sigkill } for  pid=118 comm="lmkd" scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=process

Bug: 13084787
Change-Id: I6af1ed4343b590049809a59e4f2797f6049f12e4
---
 lmkd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lmkd.te b/lmkd.te
index a8b52c34b..8c2b12c7b 100644
--- a/lmkd.te
+++ b/lmkd.te
@@ -15,3 +15,6 @@ allow lmkd system_server:file write;
 
 ## Writes to /sys/module/lowmemorykiller/parameters/minfree
 allow lmkd sysfs_lowmemorykiller:file w_file_perms;
+
+# Send kill signals
+allow lmkd appdomain:process sigkill;
-- 
GitLab