Merge cherrypicks of [2338295, 2338197, 2338407, 2338385, 2338425, 2338465, 2338447, 2338426, 2338386, 2338387, 2338466, 2338368, 2338296, 2338198, 2338450, 2338470, 2338429, 2338390, 2338430, 2338315, 2338452, 2338453, 2338431, 2338297, 2338354, 2338200, 2338391, 2338392, 2338482, 2338357, 2338411, 2338394, 2338318, 2338370, 2338434, 2338472, 2338473, 2338395, 2338299, 2338412, 2338413, 2338454, 2338396, 2338474, 2338397, 2338360, 2338455] into nyc-mr2-security-b-release Change-Id: I2ad988743f012e26f04260f5e47df2a3983349bb

commit: 88bb4c3235b8e2a8605754c0b85cfd320060e470 [log] [tgz]
author: android-build-team Robot <android-build-team-robot@google.com> Wed May 31 20:31:41 2017 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> Wed May 31 20:31:41 2017 +0000
tree: 9d4616d136d69bbfa0868d5afcda44045478fbab
parent: 27eb6492eb83c1a7fb7908704cf47ad2be241185 [diff]
parent: 06631fe6aa3ed2f2b5fb059ff46d260a82dfa4b4 [diff]
diff --git a/system_server.te b/system_server.te
index 03a7ef3..db59b65 100644
--- a/system_server.te
+++ b/system_server.te

@@ -54,16 +54,13 @@
     net_raw
     sys_boot
     sys_nice
-    sys_resource
+    sys_ptrace
     sys_time
     sys_tty_config
 };
 
 wakelock_use(system_server)
 
-# Triggered by /proc/pid accesses, not allowed.
-dontaudit system_server self:capability sys_ptrace;
-
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
commit	88bb4c3235b8e2a8605754c0b85cfd320060e470	[log] [tgz]
author	android-build-team Robot <android-build-team-robot@google.com>	Wed May 31 20:31:41 2017 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	Wed May 31 20:31:41 2017 +0000
tree	9d4616d136d69bbfa0868d5afcda44045478fbab
parent	27eb6492eb83c1a7fb7908704cf47ad2be241185 [diff]
parent	06631fe6aa3ed2f2b5fb059ff46d260a82dfa4b4 [diff]