From 01b685ce585bda8242122e71f8ca0128848cf985 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Tue, 20 Feb 2024 18:16:43 +0800
Subject: [PATCH] kernel: Allow system_server to kill su process

---
 kernel/selinux/rules.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index bf80dab6..eb72f202 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -131,6 +131,10 @@ void apply_kernelsu_rules()
 	ksu_allow(db, "system_server", "untrusted_app_all_devpts", "chr_file",
 		  "write");
 
+    // Allow system server kill su process
+    ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
+    ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
+
 	rcu_read_unlock();
 }