type rss_hwm_reset_exec, system_file_type, exec_type, file_type;

# Start rss_hwm_reset from init.
init_daemon_domain(rss_hwm_reset)

# Search /proc/pid directories.
allow rss_hwm_reset domain:dir search;

# Write to /proc/pid/clear_refs of other processes.
# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
allow rss_hwm_reset self:global_capability_class_set { dac_override };

# Write to /proc/pid/clear_refs.
allow rss_hwm_reset domain:file w_file_perms;