Merge cherrypicks of [2315763, 2315554, 2315573, 2315765, 2315712, 2315595, 2315713, 2315746, 2315786, 2315799, 2315576, 2315800, 2315673, 2315821, 2315578, 2315597, 2315633, 2315598, 2315769, 2315716, 2315634, 2315823, 2315801, 2315636, 2315717, 2315772, 2315753, 2315803, 2315638, 2315840, 2315841, 2315842, 2315824, 2315791, 2315879, 2315804, 2315827, 2315863, 2315792, 2315864, 2315755, 2315882, 2315756, 2315828, 2315793, 2315865, 2315883, 2315899, 2315885, 2315796, 2315869, 2315923, 2315924, 2315943] into nyc-mr1-security-e-release Change-Id: I7f560062d652ef8c307ce1c6ef8e248d669826ef

commit: 7ae7fddf38903ace7fd76e193982ed536670e37b [log] [tgz]
author: android-build-team Robot <android-build-team-robot@google.com> Thu May 25 17:52:17 2017 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> Thu May 25 17:52:17 2017 +0000
tree: f98dfb272bd869a021ecb67157832f7fffd06923
parent: 54a3eecf8883cb2a9a102e35e9f4fa7b9dadb056 [diff]
parent: e9ead7dbb1e1114ad7bfb64e7b59f75a5935c447 [diff]
diff --git a/system_server.te b/system_server.te
index 03a7ef3..db59b65 100644
--- a/system_server.te
+++ b/system_server.te

@@ -54,16 +54,13 @@
     net_raw
     sys_boot
     sys_nice
-    sys_resource
+    sys_ptrace
     sys_time
     sys_tty_config
 };
 
 wakelock_use(system_server)
 
-# Triggered by /proc/pid accesses, not allowed.
-dontaudit system_server self:capability sys_ptrace;
-
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
commit	7ae7fddf38903ace7fd76e193982ed536670e37b	[log] [tgz]
author	android-build-team Robot <android-build-team-robot@google.com>	Thu May 25 17:52:17 2017 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	Thu May 25 17:52:17 2017 +0000
tree	f98dfb272bd869a021ecb67157832f7fffd06923
parent	54a3eecf8883cb2a9a102e35e9f4fa7b9dadb056 [diff]
parent	e9ead7dbb1e1114ad7bfb64e7b59f75a5935c447 [diff]