Merge cherrypicks of [4830548, 4830555, 4829713, 4830575, 4830576, 4829856, 4829857, 4829858, 4829859, 4830484, 4830595, 4830556, 4830557, 4830558, 4830559, 4830560, 4830561, 4830562, 4830563, 4829714, 4830551] into oc-mr1-iot-release
Change-Id: Ib39e589ccdc87cc818d87f0f1fae1a0223a9a74c
diff --git a/private/crash_dump.te b/private/crash_dump.te
index fb73f08..56693fd 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -1 +1,12 @@
typeattribute crash_dump coredomain;
+
+allow crash_dump {
+ domain
+ -crash_dump
+ -init
+ -kernel
+ -keystore
+ -logd
+ -ueventd
+ -vold
+}:process { ptrace signal sigchld sigstop sigkill };
diff --git a/public/crash_dump.te b/public/crash_dump.te
index c101b34..e81bbd1 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,14 +1,6 @@
type crash_dump, domain;
type crash_dump_exec, exec_type, file_type;
-allow crash_dump {
- domain
- -init
- -crash_dump
- -keystore
- -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
dontaudit crash_dump self:capability { sys_ptrace };