platform_system_sepolicy/private/system_server_startup.te
Jeff Vander Stoep e0d9e50c96 system_server_startup: allow SIGCHLD to zygote
avc: denied { sigchld } for comm="main"
scontext=u:r:system_server_startup:s0 tcontext=u:r:zygote:s0
tclass=process permissive=0

Test: build
Bug: 134496658
Change-Id: I98c106b17ba1740f953c3108bd0fc927c150096f
(cherry picked from commit 67dc274f87)
2019-06-14 16:56:05 -07:00


# Policy for the system_server_startup domain: a short-lived domain that,
# per the rules below, is a child of the zygote and switches itself into
# the system_server domain with setcon().
type system_server_startup, domain, coredomain;
# File type for this domain's tmpfs-backed files.
type system_server_startup_tmpfs, file_type;
# tmpfs_domain() is a macro defined elsewhere in the policy; presumably it
# ties tmpfs files created by this domain to the _tmpfs type above -- confirm
# against the macro definition.
tmpfs_domain(system_server_startup)
# Create JIT memory
# NOTE(review): execmem on self plus { write execute map } on the tmpfs file
# type means this domain may hold mappings that are both writable and
# executable. The grant is scoped to this domain and its own tmpfs type only;
# keep it that way when extending this file.
allow system_server_startup self:process execmem;
allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
# Allow to pick up integrity-checked artifacts from the dalvik cache.
# The rules below grant read and execute only; nothing in this file lets the
# domain write to dalvikcache_data_file, so the integrity check mentioned
# above has to be enforced by whatever produces or verifies those files.
allow system_server_startup dalvikcache_data_file:dir r_dir_perms;
allow system_server_startup dalvikcache_data_file:file { r_file_perms execute };
# While doing the above, will touch the apex mount dir.
# Limited to getattr on the directory; no search/read of its contents.
allow system_server_startup mnt_expand_file:dir getattr;
# Allow system_server_startup to run setcon() and enter the
# system_server domain
# setcurrent lets the process change its own context; dyntransition names the
# permitted target. system_server is the only dyntransition target granted in
# this file, so the setcon() cannot land in any other domain via these rules.
allow system_server_startup self:process setcurrent;
allow system_server_startup system_server:process dyntransition;
# Child of the zygote.
# Lets SIGCHLD be delivered to the zygote while the process is still labelled
# system_server_startup (i.e. before the setcon() above has happened).
allow system_server_startup zygote:process sigchld;