Allow netd to perform SIGKILL on process dnsmasq In tetherStop(), netd will send SIGKILL to dnsmasq if SIGTERM is failed. But there is no corresponding sepolicy in netd.te. Bug: 256784822 Test: atest netd_integration_test:NetdBinderTest#TetherStartStopStatus with aosp/2591245 => fail atest netd_integration_test:NetdBinderTest#TetherStartStopStatus with aosp/2591245 + this commit => pass Change-Id: I16a19a95c3c8ffb35dcc394b4dc329b20ecb26a3

commit: 099da6da31f83b6b75c1e0d1ae4efe932f2ba7e1 [log] [tgz]
author: Ken Chen <cken@google.com> Tue May 16 15:54:31 2023 +0800
committer: Ken Chen <cken@google.com> Tue May 16 16:36:24 2023 +0800
tree: 2f5dd39b947a050b05ffa8ac1148d9e863cdf42b
parent: c9d2b575fc05b83f9a9988db157fc6a29691003c [diff]
diff --git a/public/netd.te b/public/netd.te
index e3ea1cb..3854017 100644
--- a/public/netd.te
+++ b/public/netd.te

@@ -80,7 +80,7 @@
 allow netd system_file:file lock;
 
 # Allow netd to spawn dnsmasq in it's own domain
-allow netd dnsmasq:process signal;
+allow netd dnsmasq:process { sigkill signal };
 
 # Allow netd to publish a binder service and make binder calls.
 binder_use(netd)
commit	099da6da31f83b6b75c1e0d1ae4efe932f2ba7e1	[log] [tgz]
author	Ken Chen <cken@google.com>	Tue May 16 15:54:31 2023 +0800
committer	Ken Chen <cken@google.com>	Tue May 16 16:36:24 2023 +0800
tree	2f5dd39b947a050b05ffa8ac1148d9e863cdf42b
parent	c9d2b575fc05b83f9a9988db157fc6a29691003c [diff]