From df642bef221846b77649bc2dab9f76e78de35956 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 22 Nov 2017 09:59:08 -0800
Subject: [PATCH] Continuation of 9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76

9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76 changed all uses of capability
to global_capability_class_set but accidentally omitted one entry.
Fix the one entry.

Test: policy compiles.
Change-Id: I1bb8c494a2660d9f02783c93b07d4238a2575106
---
 private/system_server.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/private/system_server.te b/private/system_server.te
index eaa141289..c10a617ef 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -787,8 +787,7 @@ neverallow system_server { domain -system_server }:process ptrace;
 
 # CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
 # file read access. However, that is now unnecessary (b/34951864)
-# This neverallow can be removed after b/34951864 is fixed.
-neverallow system_server system_server:capability sys_resource;
+neverallow system_server system_server:global_capability_class_set sys_resource;
 
 # TODO(b/67468181): Remove following lines upon resolution of this bug
 dontaudit system_server statscompanion_service:service_manager { add find };
-- 
GitLab