Allow debugfs access and setsched for mediaserver.

commit: fed246510c971d09a170a8de7a73bf24885c49a9 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Thu Aug 09 08:36:10 2012 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Thu Aug 09 08:36:10 2012 -0400
tree: 1d2a8412d25e5277d7ceeb08a1e3ccda3e000ea9
parent: 6cce6199c3b949918c53574576f2777ffd598f5e [diff]
diff --git a/domain.te b/domain.te
index 9a59c49..6be7ddd 100644
--- a/domain.te
+++ b/domain.te

@@ -96,5 +96,12 @@
 r_dir_file(domain, inotify)
 r_dir_file(domain, cgroup)
 
-# Ignore /sys/kernel/debug
-dontaudit domain debugfs:dir search;
+# debugfs access
+bool debugfs true;
+if (debugfs) {
+allow domain debugfs:dir r_dir_perms;
+allow domain debugfs:file rw_file_perms;
+} else {
+dontaudit domain debugfs:dir r_dir_perms;
+dontaudit domain debugfs:file  rw_file_perms;
+}

diff --git a/system.te b/system.te
index c6fd8bd..0740285 100644
--- a/system.te
+++ b/system.te

@@ -83,6 +83,7 @@
 
 # Set scheduling info for apps.
 allow system appdomain:process setsched;
+allow system mediaserver:process setsched;
 
 # Read /proc data for apps.
 allow system appdomain:dir r_dir_perms;
commit	fed246510c971d09a170a8de7a73bf24885c49a9	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Aug 09 08:36:10 2012 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Aug 09 08:36:10 2012 -0400
tree	1d2a8412d25e5277d7ceeb08a1e3ccda3e000ea9
parent	6cce6199c3b949918c53574576f2777ffd598f5e [diff]