From d618eb6f9cca63509fa05917680b7395ffc5fe60 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 1 Dec 2015 10:26:33 -0800
Subject: [PATCH] Allow appdomains to write on cgroup so it can start threads.

Addresses the following denial:

  avc: denied { write } for path="/dev/cpuctl/bg_non_interactive/tasks" dev="cgroup" ino=716 scontext=u:r:shell:s0 tcontext=u:object_r:cgroup:s0 tclass=file permissive=0

which started occurring because of https://android-review.googlesource.com/184260

Bug: 25945485
Change-Id: I6dcfb4bcfc473478e01e0e4690abf84c24128045
---
 app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app.te b/app.te
index 0ac69f66f..78da5b725 100644
--- a/app.te
+++ b/app.te
@@ -25,6 +25,10 @@ allow appdomain zygote_tmpfs:file read;
 # Notify zygote of death;
 allow appdomain zygote:process sigchld;
 
+# Place process into foreground / background
+allow appdomain cgroup:dir { search write };
+allow appdomain cgroup:file w_file_perms;
+
 userdebug_or_eng(`
   # Notify zygote of the wrapped process PID when using --invoke-with.
   allow appdomain zygote:fifo_file write;
-- 
GitLab