author Nick Kralevich <nnk@google.com> 2015-03-12 13:50:48 -0700
committer Nick Kralevich <nnk@google.com> 2015-03-12 13:55:29 -0700
commit cd14eb443e18d94f3248da77089155c888d8720e
tree d6f5bc5c96cb3e1a62a597aba3793755e6e33553 /system_server.te
parent 2e0cd5ad36321fd7a8f21768dac080d09b658920
Revert "allow system_server to set kernel scheduling priority"
Periodically, SELinux denials of the form:

  type=1400 audit(0.0:8574): avc: denied { setsched } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

are being generated. These denials come from system_server and other processes. There's no reason why system_server should be calling sched_setscheduler() on a kernel thread.

Current belief is that these SELinux denials are a bug in the kernel, and are being inappropriately triggered.

Revert 2d1650f4075db4f4f458de4c1a4cb5869c44b936. The original reason for accepting this change was to see if it would fix bug 18085992. Unfortunately, even after the commit, the bug was still present. The change had no impact on the bug.

Don't inappropriately grant system_server the ability to manipulate the scheduling priority of kernel threads.

This reverts commit 2d1650f4075db4f4f458de4c1a4cb5869c44b936.

Change-Id: I59bdf26ad247a02b741af2fa58a18e7e83ef44d8
Diffstat (limited to 'system_server.te')
-rw-r--r-- system_server.te 4
1 files changed, 0 insertions, 4 deletions
diff --git a/system_server.te b/system_server.te
index 6630615..9079acb 100644
--- a/system_server.te
+++ b/system_server.te
@@ -75,10 +75,6 @@ allow system_server self:netlink_route_socket nlmsg_write;
# Kill apps.
allow system_server appdomain:process { sigkill signal };
-# This line seems suspect, as it should not really need to
-# set scheduling parameters for a kernel domain task.
-allow system_server kernel:process setsched;
-
# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };
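Review bot: Where the "allow system_server kernel:process setsched;" line and its two-line comment are removed, nothing is left in system_server.te to record why the rule must stay out, so someone who later sees the setsched denial quoted in the commit message could re-add it as the obvious fix. Consider leaving a short comment at that spot, between the "Kill apps" and "Set scheduling info for apps" blocks, saying that the denial against the kernel domain is expected and believed to be a kernel bug, or adding a neverallow for system_server on kernel:process setsched so a re-grant fails at policy build time. The commit message should also say explicitly that the denials (permissive=0) will continue to be logged after this revert, since the four deleted lines are the only thing that was suppressing them.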