Allow system_server to kill artd and its subprocesses.

This is to make sure that no process is accessing files in the chroot
when we tear down the chroot.

Bug: 311377497
Test: Set a very short timeout for `ensureNoProcessInDir` and run
  Pre-reboot Dexopt.
Change-Id: I5c60497c73a9d56068e47840ffd4a0f0a550c250
Jiakai Zhang 2024-05-31 19:06:12 +01:00
parent ca2f3851af
commit 03f9866873


@ -1656,6 +1656,16 @@ allow system_server system_server_tmpfs:file open;
# otapreopt_script is still alive.
allow system_server postinstall:fifo_file read;
# Allow system_server to kill artd and its subprocesses, to make sure that no process is accessing
# files in chroot when we teardown chroot.
allow system_server {
artd
derive_classpath
dex2oat
odrefresh
profman
}:process sigkill;
# Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
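Review bot: The comment above the new `allow system_server { artd derive_classpath dex2oat odrefresh profman }:process sigkill;` rule says "artd and its subprocesses", but an allow rule is scoped by domain, not by process ancestry. As written, it lets system_server send SIGKILL to any process running in one of these five domains, whichever parent started it and whether or not it is inside the chroot. The grant is narrow (sigkill only), so the rule itself looks reasonable, but the restriction to chroot users then lives entirely in the caller (presumably the `ensureNoProcessInDir` path named in the commit message), and the comment should say so. I would add a line such as `# Note: this is per-domain, not per-parent; the caller must only target processes found in the chroot dir.`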