From e9623d8fe698c4600660ec4a7598f0d6cf083e3a Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 3 Oct 2014 09:24:59 -0400
Subject: [PATCH] Exclude isolated_app from ptrace self.

Change-Id: I29136a805d2329806afc9d5d81af934a1803d8e0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.te b/app.te
index 827a3be9f..d03b9aa86 100644
--- a/app.te
+++ b/app.te
@@ -19,7 +19,7 @@ allow appdomain zygote:fd use;
 allow appdomain zygote_exec:file rx_file_perms;
 
 # gdbserver for ndk-gdb ptrace attaches to app process.
-allow appdomain self:process ptrace;
+allow { appdomain -isolated_app } self:process ptrace;
 
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;
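Review bot: The subtraction in `allow { appdomain -isolated_app } self:process ptrace;` only stops this one rule from granting the permission. Allow rules are additive, so a later rule on isolated_app or on another attribute it carries could silently grant it again. If the intent is that isolated_app must never ptrace itself, pin it with a compile-time assertion such as `neverallow isolated_app self:process ptrace;`, assuming no equivalent exists elsewhere in the policy, which is not visible from this hunk. The comment above the rule still describes only the gdbserver/ndk-gdb use case, and the commit message gives no rationale. I would extend the comment with something like `# Not granted to isolated_app, which is not a debugging target and should have the smallest possible process permissions.`, with the wording adjusted to the actual reason.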
-- 
GitLab