Grant getpgid to system_server on zygote
Should system_server kill zygote on crashes, it will attempt to kill any
process in the same process group. This ensures that no untracked
children are left.
Bug: 216097542
Test: m selinux_policy
Change-Id: Ie16074f76e351d80d9f17be930a731f923f99835
diff --git a/private/system_server.te b/private/system_server.te
index 6e108df..50d9dcc 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -97,7 +97,7 @@
crash_dump
webview_zygote
zygote
-}:process { sigkill signull };
+}:process { getpgid sigkill signull };
# Read /system/bin/app_process.
allow system_server zygote_exec:file r_file_perms;