From e0d9e50c9647859acf058912133be87ff8c916df Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 4 Apr 2019 09:25:15 -0700
Subject: [PATCH] system_server_startup: allow SIGCHLD to zygote

avc: denied { sigchld } for comm="main"
scontext=u:r:system_server_startup:s0 tcontext=u:r:zygote:s0
tclass=process permissive=0

Test: build
Bug: 134496658
Change-Id: I98c106b17ba1740f953c3108bd0fc927c150096f
(cherry picked from commit 67dc274f87b25b80d507f8ad8263648f5f9a1dd1)
---
 prebuilts/api/29.0/private/system_server_startup.te | 3 +++
 private/system_server_startup.te                    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/prebuilts/api/29.0/private/system_server_startup.te b/prebuilts/api/29.0/private/system_server_startup.te
index ad9fb4465..f1427a9e2 100644
--- a/prebuilts/api/29.0/private/system_server_startup.te
+++ b/prebuilts/api/29.0/private/system_server_startup.te
@@ -18,3 +18,6 @@ allow system_server_startup mnt_expand_file:dir getattr;
 # system_server domain
 allow system_server_startup self:process setcurrent;
 allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index ad9fb4465..f1427a9e2 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -18,3 +18,6 @@ allow system_server_startup mnt_expand_file:dir getattr;
 # system_server domain
 allow system_server_startup self:process setcurrent;
 allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;