Google Git
Sign in
android / platform / system / sepolicy / refs/tags/android-o-mr1-iot-release-1.0.7^1..refs/tags/android-o-mr1-iot-release-1.0.7 / .
commitb9fd5e0e28a7acb2c655ec2be8b7e1e6b5adf50b[log] [tgz]
authorandroid-build-team Robot <android-build-team-robot@google.com>Tue Aug 21 17:29:48 2018 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>Tue Aug 21 17:29:48 2018 +0000
tree376e92fd1726b59db4c05cb04ac5c8cd5ebc5dd4
parent213dfa524ec9df03a4c773cb487f2ac3f9c1892b [diff]
parentf24154e1d9844bb489f21752c3ec317ae3dced4e [diff]
Merge cherrypicks of [4830548, 4830555, 4829713, 4830575, 4830576, 4829856, 4829857, 4829858, 4829859, 4830484, 4830595, 4830556, 4830557, 4830558, 4830559, 4830560, 4830561, 4830562, 4830563, 4829714, 4830551] into oc-mr1-iot-release

Change-Id: Ib39e589ccdc87cc818d87f0f1fae1a0223a9a74c

diff --git a/private/crash_dump.te b/private/crash_dump.te
index fb73f08..56693fd 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te

@@ -1 +1,12 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };

diff --git a/public/crash_dump.te b/public/crash_dump.te
index c101b34..e81bbd1 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te

@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:capability { sys_ptrace };