Merge "debuggerd.te: allow debuggerd to drop root." am: 751c0075

am: 4706a088 * commit '4706a088': debuggerd.te: allow debuggerd to drop root.

Merge "debuggerd.te: allow debuggerd to drop root." am: 751c0075
am: 4706a088 * commit '4706a088': debuggerd.te: allow debuggerd to drop root.
63d08d8f · Josh Gao · android-build-merger · fea761b4 · 4706a088 · 63d08d8f
Commit 63d08d8f authored 9 years ago by Josh Gao Committed by android-build-merger 9 years ago
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -4,17 +4,14 @@ type debuggerd_exec, exec_type, file_type;
 init_daemon_domain(debuggerd)
 typeattribute debuggerd mlstrustedsubject;
-allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
+allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner setuid setgid };
 allow debuggerd self:capability2 { syslog };
 allow debuggerd domain:dir r_dir_perms;
 allow debuggerd domain:file r_file_perms;
 allow debuggerd domain:lnk_file read;
 allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr };
 security_access_policy(debuggerd)
-allow debuggerd system_data_file:dir create_dir_perms;
+allow debuggerd tombstone_data_file:dir rw_dir_perms;
-allow debuggerd system_data_file:dir relabelfrom;
-allow debuggerd tombstone_data_file:dir relabelto;
-allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
 allow debuggerd shared_relro_file:dir r_dir_perms;
 allow debuggerd shared_relro_file:file r_file_perms;