Merge cherrypicks of [4667264, 4667744, 4667382, 4666687, 4667506, 4667745, 4667225, 4667226, 4667227, 4667228, 4668483, 4668486, 4668487, 4668489, 4666733, 4668492, 4668493, 4668495, 4667548, 4667482, 4667549, 4667550, 4667551, 4667552, 4667553, 4667554, 4667555, 4667556, 4666734, 4666688, 4668511, 4668531, 4667265] into pi-release

Change-Id: I8c3ca924de694cd4646a47fa8235ceb2b03331d1
diff --git a/prebuilts/api/28.0/private/crash_dump.te b/prebuilts/api/28.0/private/crash_dump.te
index fb73f08..c3d2ed5 100644
--- a/prebuilts/api/28.0/private/crash_dump.te
+++ b/prebuilts/api/28.0/private/crash_dump.te
@@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
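Review bot: The exclusion list in this allow rule is the only thing that keeps crash_dump from ptrace-attaching to bpfloader, init, kernel, keystore, logd, ueventd, vendor_init and vold, and nothing in the file after this change (the hunk covers all 14 lines) asserts that at build time. A later rule or attribute change could silently re-grant the access, so a companion assertion such as `neverallow crash_dump { bpfloader init kernel keystore logd ueventd vendor_init vold }:process ptrace;` would turn the intent into a compile-time check; other policy files may already carry per-domain ptrace assertions, in which case it is redundant for those targets. A short comment above the list saying why these domains are excluded (presumably because they hold secrets or run with the highest privilege) would also help the next editor decide whether a new domain belongs on it. The same applies to the identical hunk in private/crash_dump.te.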
diff --git a/prebuilts/api/28.0/public/crash_dump.te b/prebuilts/api/28.0/public/crash_dump.te
index f778d28..cd1e5a8 100644
--- a/prebuilts/api/28.0/public/crash_dump.te
+++ b/prebuilts/api/28.0/public/crash_dump.te
@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
diff --git a/private/crash_dump.te b/private/crash_dump.te
index fb73f08..c3d2ed5 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
diff --git a/public/crash_dump.te b/public/crash_dump.te
index f778d28..cd1e5a8 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };