Merge "runas_app: allow sigkill of untrusted_app" am: eff7d756e1

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2393300 Change-Id: Ibaa3a3da9953b75f98da86494e946d7386ba2747 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-20 16:53:58 +00:00 · 2023-01-20 16:53:58 +00:00 · 94a4d4758f
commit 94a4d4758f
parent 893596e0e7 eff7d756e1
1 changed files with 1 additions and 1 deletions
--- a/private/runas_app.te
+++ b/private/runas_app.te
@ -14,7 +14,7 @@ allow runas_app app_data_file:file execute_no_trans;
 r_dir_file(runas_app, untrusted_app_all)

 # Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
-allow runas_app untrusted_app_all:process { ptrace signal sigstop };
+allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
 allow runas_app untrusted_app_all:unix_stream_socket connectto;

 # Allow executing system image simpleperf without a domain transition.