From 4d140237b5133d1e1fb41f07cfa9d2a2d7309b34 Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Wed, 1 Feb 2017 15:36:42 -0800
Subject: [PATCH] crash_dump: don't allow CAP_SYS_PTRACE or CAP_KILL.

Bug: http://b/34853272
Test: debuggerd -b `pidof system_server`
Change-Id: I4c08efb9dfcc8610143f722ae0674578a2ed6869
---
 public/crash_dump.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/public/crash_dump.te b/public/crash_dump.te
index e117176c4..f70b48115 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,7 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump self:capability { sys_ptrace kill };
 allow crash_dump {
   domain
   -init
-- 
GitLab