resolved conflicts for f57e2fd7 to master

Change-Id: I2a178737f43bae53de9c1fcdcfba4d2717c67fd5

resolved conflicts for f57e2fd7 to master
b69ebb1b · Nick Kralevich · 00eea6d8 · f57e2fd7 · b69ebb1b · b69ebb1b
Commit b69ebb1b authored 9 years ago by Nick Kralevich
--- a/app.te
+++ b/app.te
@@ -19,9 +19,6 @@ allow appdomain zygote:fd use;
 # valgrind needs mmap exec for zygote
 allow appdomain zygote_exec:file rx_file_perms;
-# gdbserver for ndk-gdb ptrace attaches to app process.
-allow appdomain self:process ptrace;
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;

--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,6 +18,13 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app self:process ptrace;
 #####
 ##### Neverallow
 #####

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -110,6 +110,9 @@ userdebug_or_eng(`
  allow untrusted_app perfprofd_data_file:dir r_dir_perms;
 ')
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow untrusted_app self:process ptrace;
 # Programs routinely attempt to scan through /system, looking
 # for files. Suppress the denials when they occur.
 dontaudit untrusted_app exec_type:file getattr;