don\'t allow debuggerd to ptrace itself.

am: 2d6fa723 * commit '2d6fa723': don't allow debuggerd to ptrace itself. Change-Id: Iba10da2ff54f8a2802795443bae6218afd21ceea

don\'t allow debuggerd to ptrace itself.
f627abdd · Nick Kralevich · android-build-merger · 693c447c · 2d6fa723 · f627abdd
Commit f627abdd authored Apr 27, 2016 by Nick Kralevich Committed by android-build-merger Apr 27, 2016
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -9,7 +9,16 @@ allow debuggerd self:capability2 { syslog };
 allow debuggerd domain:dir r_dir_perms;
 allow debuggerd domain:file r_file_perms;
 allow debuggerd domain:lnk_file read;
-allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr };
+allow debuggerd {
+  domain
+  -adbd
+  -debuggerd
+  -healthd
+  -init
+  -keystore
+  -ueventd
+  -watchdogd
+}:process { ptrace getattr };
 security_access_policy(debuggerd)
 allow debuggerd tombstone_data_file:dir rw_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;