Add support for pbtombstone executable
Added labeling and permissions for /system/bin/pbtombstone across various files, namely: plat_file_contexts_test, 202504.ignore.cil, and system_server.te. Updated file contexts and defined pbtombstone_exec as a system executable to ensure compatibility and proper execution.
Bug: 323857385
Flag: EXEMPT permissions update
Test: m && manual tests and permission check
Change-Id: I0d20366bb452f98d339dd413e074d5bd94b9549e
diff --git a/private/system_server.te b/private/system_server.te
index 57536de..be486ac 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1168,6 +1168,9 @@
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
+# Allow invoking pbtombstone
+allow system_server pbtombstone_exec:file rx_file_perms;
+
# Allow system process to setup fs-verity
allowxperm system_server { apk_data_file apk_tmp_file system_data_file apex_system_server_data_file }:file ioctl FS_IOC_ENABLE_VERITY;
@@ -1360,6 +1363,7 @@
file_type
-toolbox_exec
-logcat_exec
+ -pbtombstone_exec
with_asan(`-shell_exec -asanwrapper_exec -zygote_exec')
}:file execute_no_trans;