crash_dump: disallow ptrace of TCB components am: f0e6a70a

am: 7f6df930

Change-Id: I6b3b7204317bdad91f44bcf6cfce7d3810693b42

private/crash_dump.te

 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };

public/crash_dump.te

 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:capability { sys_ptrace };