Grant getpgid to system_server on zygote

Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.

Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
This commit is contained in:
Thiébaud Weksteen 2022-01-27 15:17:02 +11:00
parent 7423beb1bd
commit 6390b3f090

View file

@ -97,7 +97,7 @@ allow system_server {
crash_dump
webview_zygote
zygote
}:process { sigkill signull };
}:process { getpgid sigkill signull };
# Read /system/bin/app_process.
allow system_server zygote_exec:file r_file_perms;