Allow system_server to kill crosvm/virtualizationmanager VirtualizationManager (and indirectly crosvm) now runs as a child process of the client, which could be a process forked from zygote. As a result, these get tracked as phantom processes of the client and system_server will try to kill them if it chooses to kill the client. Currently this does not work because system_server is not allowed sigkill for the corresponding domains. In theory, that should not be a problem because virtualizationmanager will automatically kill any crosvm instances and terminate itself if its parent dies, but we should not rely on that fact and instead give system_server the ultimate control over app process termination. Bug: 269461627 Test: atest MicrodroidTestApp Change-Id: Ie0ba5388d00a51812c9424c37f2f74983bea9db8

commit: f3a922c453e8fdd3245a7710371ebdfc1ef561ad [log] [tgz]
author: David Brazdil <dbrazdil@google.com> Fri Feb 24 11:02:55 2023 +0000
committer: David Brazdil <dbrazdil@google.com> Mon Mar 06 14:31:51 2023 +0000
tree: 783cc8fe3fb70f322a7307da2633f9590e2d54f4
parent: 10a639613ae790585f4f91b97661cd62d3da8b6c [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index b3c7528..3cff939 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -102,10 +102,12 @@
 allow system_server zygote:fd use;
 allow system_server zygote:process sigchld;
 
-# May kill zygote on crashes.
+# May kill zygote (or its child processes) on crashes.
 allow system_server {
   app_zygote
   crash_dump
+  crosvm
+  virtualizationmanager
   webview_zygote
   zygote
 }:process { getpgid sigkill signull };
commit	f3a922c453e8fdd3245a7710371ebdfc1ef561ad	[log] [tgz]
author	David Brazdil <dbrazdil@google.com>	Fri Feb 24 11:02:55 2023 +0000
committer	David Brazdil <dbrazdil@google.com>	Mon Mar 06 14:31:51 2023 +0000
tree	783cc8fe3fb70f322a7307da2633f9590e2d54f4
parent	10a639613ae790585f4f91b97661cd62d3da8b6c [diff] [blame]