From d18e345b8f78cfd43c0b025d4d0e360097dd89ab Mon Sep 17 00:00:00 2001
From: Wanhong Jiang <ot_wanhong.jiang@mediatek.com>
Date: Mon, 26 Jun 2023 14:52:01 +0800
Subject: [PATCH] webview: add cgroup dir create permission

On 32 bit gsi img, when the webview launch, system will crash, due to
system_server not have the selinux permission of cgroup dir create.
Only 32 bit gsi img has this issue, 64 bit not have.

Bug: 288190486
Test: flash 32-bit GSI image and boot to check whether webview crash

Change-Id: I60fe69087ddbf97b5ebba62bf151626f9422c43c
---
 private/system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/private/system_server.te b/private/system_server.te
index d30f657df..70595e361 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1041,7 +1041,7 @@ allow system_server frp_block_device:blk_file rw_file_perms;
 allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
 
 # Create new process groups and clean up old cgroups
-allow system_server cgroup:dir { remove_name rmdir };
+allow system_server cgroup:dir create_dir_perms;
 allow system_server cgroup_v2:dir create_dir_perms;
 allow system_server cgroup_v2:file { r_file_perms setattr };