From 05056457d4b11ff0f1686c63004ba2e2dc81bfbc Mon Sep 17 00:00:00 2001
From: David Pursell <dpursell@google.com>
Date: Mon, 14 Sep 2015 17:29:37 -0700
Subject: [PATCH] adb: add adbd -> shell signal permissions.

adbd needs to kill spawned subprocesses if the client terminates
the connection. SIGHUP will be used for this purpose, which
requires the process:signal permission.

Bug: http://b/23825725
Change-Id: I36d19e14809350dd6791a8a44f01b2169effbfd4
---
 adbd.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/adbd.te b/adbd.te
index cac234359..966b10c77 100644
--- a/adbd.te
+++ b/adbd.te
@@ -9,8 +9,9 @@ userdebug_or_eng(`
 
 domain_auto_trans(adbd, shell_exec, shell)
 
-# Do not sanitize the environment or open fds of the shell.
-allow adbd shell:process noatsecure;
+# Do not sanitize the environment or open fds of the shell. Allow signaling
+# created processes.
+allow adbd shell:process { noatsecure signal };
 
 # Set UID and GID to shell.  Set supplementary groups.
 allow adbd self:capability { setuid setgid };
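Review bot: The new comment above `allow adbd shell:process { noatsecure signal };` says "created processes", but the rule is type-based, so it covers more than the processes adbd spawned. It lets adbd send every signal under the `signal` permission (all except SIGKILL, SIGSTOP and SIGCHLD, which have their own permissions) to any process in the `shell` domain. I would word the comment to match the real scope, e.g. `# Allow adbd to send SIGHUP to shell-domain processes on client disconnect.` followed by `# Applies to every process in the shell domain; sigkill is intentionally not granted.` Because `sigkill` is left out, a subprocess that ignores or handles SIGHUP would presumably survive the disconnect, and a child that has transitioned out of the `shell` domain would not be covered by this rule. It is worth confirming both are acceptable for the cleanup the commit message describes.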
-- 
GitLab