SELinux changes to accomodate starting the webview_zygote as a child of the zygote. In this architecture, the system_server instructs the zygote to fork a child-zygote to be the webview_zygote. The system_server tells this new zygote to listen for fork requests on a random abstract unix socket of its choosing. A follow-up CL will remove the rules for starting webview_zygote via init. Bug: 63749735 Test: m Test: Launch "Third-party licenses" activity from Settings, and it renders correctly via the WebView. Merged-In: I864743943c11c18de386010ecd4b616721cb9954 Change-Id: I1c352e47b66eca3a3fa641daa6ecc3e7a889b54e

commit: febdfa4edf29f17895c202843e8a29f70ad6b28f [log] [tgz]
author: Robert Sesek <rsesek@google.com> Tue Jan 30 10:54:33 2018 -0500
committer: Robert Sesek <rsesek@google.com> Wed Feb 14 19:00:48 2018 -0500
tree: 796f75dbfdcda325abde6e10317eac814315ff6c
parent: 946b4b76f02563c609bb27cad79738a168eb04d4 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 752dee7..6e6212e 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -36,6 +36,7 @@
 # May kill zygote on crashes.
 allow system_server zygote:process sigkill;
 allow system_server crash_dump:process sigkill;
+allow system_server webview_zygote:process sigkill;
 
 # Read /system/bin/app_process.
 allow system_server zygote_exec:file r_file_perms;
commit	febdfa4edf29f17895c202843e8a29f70ad6b28f	[log] [tgz]
author	Robert Sesek <rsesek@google.com>	Tue Jan 30 10:54:33 2018 -0500
committer	Robert Sesek <rsesek@google.com>	Wed Feb 14 19:00:48 2018 -0500
tree	796f75dbfdcda325abde6e10317eac814315ff6c
parent	946b4b76f02563c609bb27cad79738a168eb04d4 [diff] [blame]