Merge "Re-order rules to match AOSP." into stage-aosp-master am: 95b223b4

am: 14c5117b Change-Id: Ifd915ad3b6864e037b5ab559d9bf3f0e71fa0fb0

Merge "Re-order rules to match AOSP." into stage-aosp-master am: 95b223b4
am: 14c5117b Change-Id: Ifd915ad3b6864e037b5ab559d9bf3f0e71fa0fb0
ac0bfccb · Alan Stokes · android-build-merger · 7b377b1f · 14c5117b · ac0bfccb
Commit ac0bfccb authored 6 years ago by Alan Stokes Committed by android-build-merger 6 years ago
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -126,10 +126,6 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced)
 allow untrusted_app_all system_server:udp_socket {
        connect getattr read recvfrom sendto write getopt setopt };
-# Allow the allocation and use of ptys
-# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
-create_pty(untrusted_app_all)
 # This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
 dontaudit untrusted_app_all net_dns_prop:file read;
@@ -139,6 +135,10 @@ dontaudit untrusted_app_all proc_stat:file read;
 dontaudit untrusted_app_all proc_vmstat:file read;
 dontaudit untrusted_app_all proc_uptime:file read;
+# Allow the allocation and use of ptys
+# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
+create_pty(untrusted_app_all)
 # /proc/net access.
 # TODO(b/9496886) Audit access for removal.
 # VPN apps require access to /proc/net/{tcp,udp} so access will need to be