tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

odrefresh: add permission to sigkill child processes am: 86477d7933 am: 851dac17cc

Browse source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15612002

Change-Id: I378ad0eaecb74ef837964483574d4e297370f7ba
This commit is contained in:
Orion Hodson 2021-08-19 10:43:55 +00:00 committed by Automerger Merge Worker
commit fb7a946b06
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
prebuilts/api/31.0/private/odrefresh.te
View file

@ -21,9 +21,15 @@ allow odrefresh apex_art_staging_data_file:file create_file_perms;
# Run dex2oat in its own sandbox.
domain_auto_trans(odrefresh, dex2oat_exec, dex2oat)
# Allow odrefresh to kill dex2oat if compilation times out.
allow odrefresh dex2oat:process sigkill;
# Run dexoptanalyzer in its own sandbox.
domain_auto_trans(odrefresh, dexoptanalyzer_exec, dexoptanalyzer)
# Allow odrefresh to kill dexoptanalyzer if analysis times out.
allow odrefresh dexoptanalyzer:process sigkill;
# Use devpts and fd from odsign (which exec()'s odrefresh)
allow odrefresh odsign_devpts:chr_file { read write };
allow odrefresh odsign:fd use;

6
private/odrefresh.te
View file

@ -21,9 +21,15 @@ allow odrefresh apex_art_staging_data_file:file create_file_perms;
# Run dex2oat in its own sandbox.
domain_auto_trans(odrefresh, dex2oat_exec, dex2oat)
# Allow odrefresh to kill dex2oat if compilation times out.
allow odrefresh dex2oat:process sigkill;
# Run dexoptanalyzer in its own sandbox.
domain_auto_trans(odrefresh, dexoptanalyzer_exec, dexoptanalyzer)
# Allow odrefresh to kill dexoptanalyzer if analysis times out.
allow odrefresh dexoptanalyzer:process sigkill;
# Use devpts and fd from odsign (which exec()'s odrefresh)
allow odrefresh odsign_devpts:chr_file { read write };
allow odrefresh odsign:fd use;