selinux policy for enabling scheduler boost

avc: denied { setsched } for pid=3455 comm="Binder_9" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process permissive=0
avc: denied { setsched } for comm="kworker/u12:10" scontext=u:r:kernel:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=process permissive=0
avc: denied { setsched } for comm="kworker/u12:4" scontext=u:r:kernel:s0 tcontext=u:r:nfc:s0 tclass=process permissive=0
avc: denied { setsched } for comm="kworker/u12:4" scontext=u:r:kernel:s0 tcontext=u:r:system_server:s0 tclass=process permissive=0
avc: denied { setsched } for comm="kworker/u12:4" scontext=u:r:kernel:s0 tcontext=u:r:radio:s0 tclass=process permissive=0
avc: denied { setsched } for comm="kworker/u12:26" scontext=u:r:kernel:s0 tcontext=u:r:isolated_app:s0:c512,c768 tclass=process permissive=0

Bug: 21915482
Bug: 23758218
Change-Id: I7965ef759c0549606560914d066e5bee83e3997c

2 files changed, 8 insertions, 0 deletions

diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644
index 0000000..dd801ad
--- /dev/null
+++ b/sepolicy/kernel.te
@@ -0,0 +1,3 @@
+# TODO - root cause why the kernel generating this denial.
+allow kernel domain:process setsched;
+auditallow kernel domain:process setsched;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index dc9569d..2eaa5a3 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -32,3 +32,8 @@ allow system_server perfd:unix_stream_socket connectto;
 
 # hubconnection to get and set sensors.contexthub.* properties
 set_prop(system_server, contexthub_prop);
+
+# To improve app launch times - we would like to force all tasks to
+# run on big cores for app launch (sched_boost) - instead of just
+# boosting them to make it "more likely" to run on big cores.
+allow system_server zygote:process setsched;