Revert "Exclude isolated_app from ptrace self."
Google Breakpad (crash reporter for Chrome) relies on ptrace
functionality. Without the ability to ptrace, the crash reporter
tool is broken.
Addresses the following denial:
type=1400 audit(1428619926.939:1181): avc: denied { ptrace } for pid=10077 comm="CrRendererMain" scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:r:isolated_app:s0:c512,c768 tclass=process permissive=0
This reverts commit e9623d8fe6.
Bug: 20150694
Bug: https://code.google.com/p/chromium/issues/detail?id=475270
Change-Id: I1727c6a93f10ea6db877687a8f81ec789f9e501f
This commit is contained in:
Nick Kralevich
parent
9fc35a752c
commit
50d506212e
1 changed files with 1 additions and 1 deletions
2
app.te
2
app.te
|
|
@ -19,7 +19,7 @@ allow appdomain zygote:fd use;
|
|||
allow appdomain zygote_exec:file rx_file_perms;
|
||||
|
||||
# gdbserver for ndk-gdb ptrace attaches to app process.
|
||||
allow { appdomain -isolated_app } self:process ptrace;
|
||||
allow appdomain self:process ptrace;
|
||||
|
||||
# Read system properties managed by zygote.
|
||||
allow appdomain zygote_tmpfs:file read;
|
||||
|
|
|
|||
Loading…
Reference in a new issue