selinux-refpolicy/policy/modules/services/lowmemorymonitor.te

policy_module(lowmemorymonitor)

# daemon to monitor low memory and control kernel OOM

########################################
#
# Declarations
#

type low_mem_mon_t;
type low_mem_mon_exec_t;
init_daemon_domain(low_mem_mon_t, low_mem_mon_exec_t)

########################################
#
# Local policy
#

allow low_mem_mon_t self:capability ipc_lock;
allow low_mem_mon_t self:unix_dgram_socket create_socket_perms;

kernel_rw_psi(low_mem_mon_t)
kernel_read_system_state(low_mem_mon_t)

# /etc/localtime
files_read_etc_symlinks(low_mem_mon_t)

dbus_list_system_bus_runtime(low_mem_mon_t)
dbus_system_bus_client(low_mem_mon_t)
dbus_connect_system_bus(low_mem_mon_t)

miscfiles_read_localization(low_mem_mon_t)

optional_policy(`
	unconfined_dbus_send(low_mem_mon_t)
')