release-request-556939d2-cc5e-453a-b797-8a7cb6dacac2-for-git_nyc-mr1-security-f-release-4118426 snap-temp-L72200000081371809 Change-Id: I596d6ee7f3d68ea0a2803c060265aed77c678c28

commit: 57f98c1b4041d2cc5552b7475672d165c31bea90 [log] [tgz]
author: android-build-team Robot <android-build-team-robot@google.com> Tue Jul 11 22:40:50 2017 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> Tue Jul 11 22:40:50 2017 +0000
tree: f98dfb272bd869a021ecb67157832f7fffd06923
parent: 54a3eecf8883cb2a9a102e35e9f4fa7b9dadb056 [diff]
parent: 7ae7fddf38903ace7fd76e193982ed536670e37b [diff]
diff --git a/system_server.te b/system_server.te
index 03a7ef3..db59b65 100644
--- a/system_server.te
+++ b/system_server.te

@@ -54,16 +54,13 @@
     net_raw
     sys_boot
     sys_nice
-    sys_resource
+    sys_ptrace
     sys_time
     sys_tty_config
 };
 
 wakelock_use(system_server)
 
-# Triggered by /proc/pid accesses, not allowed.
-dontaudit system_server self:capability sys_ptrace;
-
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
commit	57f98c1b4041d2cc5552b7475672d165c31bea90	[log] [tgz]
author	android-build-team Robot <android-build-team-robot@google.com>	Tue Jul 11 22:40:50 2017 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	Tue Jul 11 22:40:50 2017 +0000
tree	f98dfb272bd869a021ecb67157832f7fffd06923
parent	54a3eecf8883cb2a9a102e35e9f4fa7b9dadb056 [diff]
parent	7ae7fddf38903ace7fd76e193982ed536670e37b [diff]