<<Sorry re-sending in plan text >>
Hi team ,
On android- with latest kernels 4.14 we are seeing some denials which
seem to be very much genuine to be address . Where kernel is trying to
kill its own created process ( might be for maintenance) .
These are seen in long Stress testing . But I dont see any one
adding such rule in general so the question is do we see any risk
which made us not to add such rules ?
1. avc: denied { kill } for pid=2432 comm="irq/66-90b6300."
capability=5 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0
tclass=capability permissive=0
2. avc: denied { kill } for pid=69 comm="rcuop/6" capability=5
scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability
permissive=0
3. avc: denied { kill } for pid=0 comm="swapper/1" capability=5
scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability
permissive=0
4. avc: denied { kill } for pid=4185 comm="kworker/0:4" capability=5
scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability
permissive=0
This is self capability any one in kernel context should be able to
do such operations I guess.
Regards,
Ravi
