exclude su from transitioning to crash_dump domain

When /system/bin/crash_dump is executed from the su domain, do not perform a domain transition. This allows processes run from that domain to crash normally without SELinux interfering. Bug: 114136122 Test: cferris: "This change works for me. I ran the crasher executable on /data, /data/nativetest, /data/nativetest64 (and even /data/local/tmp). All of them show that crash_dump can read the executables." Change-Id: Ic135d61b11774acff37ebfb35831497cddbefdef

exclude su from transitioning to crash_dump domain
e6f33f53 · Nick Kralevich · 7b229405 · e6f33f53
Commit e6f33f53 authored 6 years ago by Nick Kralevich
--- a/private/domain.te
+++ b/private/domain.te
 # Transition to crash_dump when /system/bin/crash_dump* is executed.
 # This occurs when the process crashes.
-domain_auto_trans(domain, crash_dump_exec, crash_dump);
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;

 # Limit ability to ptrace or read sensitive /proc/pid files of processes