Commit c59eb4d8 authored by Tom Cherry

Add getpgid to system_service and init

In libprocessgroup, we want to only send signals once to processes,
particularly for SIGTERM.  We must send the signal both to all
processes within a POSIX process group and a cgroup.  To ensure that
we do not duplicate the signals being sent, we check the processes in
the cgroup to see if they're in the POSIX process groups that we're
killing.  If they are, we skip sending a second signal.  This requires
getpgid permissions, hence this SELinux change.

avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=797 comm="ActivityManager" scontext=u:r:system_server:s0 tcontext=u:r:system_app:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:zygote:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1
avc: denied { getpgid } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:system_server:s0 tclass=process permissive=1

Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Ib6c265dbaac8833c47145ae28fb6594ca8545570
parent 06486796
...@@ -95,7 +95,7 @@ allow system_server self:socket create_socket_perms_no_ioctl; ...@@ -95,7 +95,7 @@ allow system_server self:socket create_socket_perms_no_ioctl;
allow system_server self:netlink_route_socket nlmsg_write; allow system_server self:netlink_route_socket nlmsg_write;
# Kill apps. # Kill apps.
allow system_server appdomain:process { sigkill signal }; allow system_server appdomain:process { getpgid sigkill signal };
# Set scheduling info for apps. # Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched }; allow system_server appdomain:process { getsched setsched };
......
...@@ -270,7 +270,7 @@ allow init misc_logd_file:file { open create getattr setattr write }; ...@@ -270,7 +270,7 @@ allow init misc_logd_file:file { open create getattr setattr write };
# Support "adb shell stop" # Support "adb shell stop"
allow init self:capability kill; allow init self:capability kill;
allow init domain:process { sigkill signal }; allow init domain:process { getpgid sigkill signal };
# Init creates keystore's directory on boot, and walks through # Init creates keystore's directory on boot, and walks through
# the directory as part of a recursive restorecon. # the directory as part of a recursive restorecon.
......