Allow system_server to kill artd and its subprocesses.
This is to make sure that no process is accessing files in chroot when we teardown chroot. Bug: 311377497 Test: Set a very short timeout for `ensureNoProcessInDir` and run Pre-reboot Dexopt. Change-Id: I5c60497c73a9d56068e47840ffd4a0f0a550c250
This commit is contained in:
parent
ca2f3851af
commit
03f9866873
1 changed files with 10 additions and 0 deletions
|
@ -1656,6 +1656,16 @@ allow system_server system_server_tmpfs:file open;
|
||||||
# otapreopt_script is still alive.
|
# otapreopt_script is still alive.
|
||||||
allow system_server postinstall:fifo_file read;
|
allow system_server postinstall:fifo_file read;
|
||||||
|
|
||||||
|
# Allow system_server to kill artd and its subprocesses, to make sure that no process is accessing
|
||||||
|
# files in chroot when we teardown chroot.
|
||||||
|
allow system_server {
|
||||||
|
artd
|
||||||
|
derive_classpath
|
||||||
|
dex2oat
|
||||||
|
odrefresh
|
||||||
|
profman
|
||||||
|
}:process sigkill;
|
||||||
|
|
||||||
# Do not allow any domain other than init or system server to get or set the property
|
# Do not allow any domain other than init or system server to get or set the property
|
||||||
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
|
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
|
||||||
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
|
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
|
||||||
|
|
Loading…
Reference in a new issue