microdroid: Narrow property permissions am: 5ee61a7628 am: dd654ff844 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1830052 Change-Id: Iea35db3b561474f523529ab38d8fb1d2054e31be

commit: 6c18145d9b58813d3961983a956bd8f869d6b17a [log] [tgz]
author: Inseob Kim <inseob@google.com> Thu Sep 23 09:58:17 2021 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Sep 23 09:58:17 2021 +0000
tree: 84e6af95e6fb7ba022d97939b251cdad58f03fdc
parent: d0a366255414224e8334b2164f3a1f3b07d25788 [diff]
parent: dd654ff844b0060e081e0bcc03d21ed453f58323 [diff]
diff --git a/prebuilts/api/31.0/private/odrefresh.te b/prebuilts/api/31.0/private/odrefresh.te
index 7a64247..3db1ae8 100644
--- a/prebuilts/api/31.0/private/odrefresh.te
+++ b/prebuilts/api/31.0/private/odrefresh.te

@@ -21,9 +21,15 @@
 # Run dex2oat in its own sandbox.
 domain_auto_trans(odrefresh, dex2oat_exec, dex2oat)
 
+# Allow odrefresh to kill dex2oat if compilation times out.
+allow odrefresh dex2oat:process sigkill;
+
 # Run dexoptanalyzer in its own sandbox.
 domain_auto_trans(odrefresh, dexoptanalyzer_exec, dexoptanalyzer)
 
+# Allow odrefresh to kill dexoptanalyzer if analysis times out.
+allow odrefresh dexoptanalyzer:process sigkill;
+
 # Use devpts and fd from odsign (which exec()'s odrefresh)
 allow odrefresh odsign_devpts:chr_file { read write };
 allow odrefresh odsign:fd use;
commit	6c18145d9b58813d3961983a956bd8f869d6b17a	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Thu Sep 23 09:58:17 2021 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Sep 23 09:58:17 2021 +0000
tree	84e6af95e6fb7ba022d97939b251cdad58f03fdc
parent	d0a366255414224e8334b2164f3a1f3b07d25788 [diff]
parent	dd654ff844b0060e081e0bcc03d21ed453f58323 [diff]