From abead06f60370dfe4adcca7eac6420045fb402e0 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 16 Mar 2016 12:55:42 -0700
Subject: [PATCH] allow priv_app self:process ptrace

The changes to ptrace in
https://android-review.googlesource.com/#/c/175786/ (removing it from
app.te and only adding it to isolated_app and untrusted_app) broke
WebView crash handling in cases where privileged apps (like gmscore) use
WebView.

The only way to fix this would be to allow priv_app to self-ptrace as
well. :/

Bug: 27697529
Change-Id: Ib9a3810dddc9f4213b6260133cbae23f669ae8dc
---
 priv_app.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/priv_app.te b/priv_app.te
index e2645c798..67e91cdb2 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -8,6 +8,9 @@ net_domain(priv_app)
 # Access bluetooth.
 bluetooth_domain(priv_app)
 
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow priv_app self:process ptrace;
+
 # Some apps ship with shared libraries and binaries that they write out
 # to their sandbox directory and then execute.
 allow priv_app app_data_file:file rx_file_perms;
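Review bot: The comment above `allow priv_app self:process ptrace;` names WebView crash handling and three bug IDs but does not state the scope of what is granted. In SELinux policy `self` stands for the source type, not the calling process, so as far as this rule is concerned any process labelled priv_app may ptrace any other process labelled priv_app. Suggest extending the comment to say that the access is domain-wide and is needed only so a process can ptrace itself or its own child for crash reporting. That would let a later reader judge whether the rule can be narrowed or dropped once the WebView dependency is removed. The commit message calls this the only way to fix the breakage, so it would also help to record in the comment that the rule mirrors the ptrace rules kept for isolated_app and untrusted_app, so that the three are revisited together.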
-- 
GitLab