From 2ba18e99d8419204221745c2f2741e1f8e852ec8 Mon Sep 17 00:00:00 2001
From: Ashwini Oruganti
Date: Thu, 9 Jan 2020 13:37:30 -0800
Subject: [PATCH] priv_app: Remove rules allowing a priv-app to ptrace itself

We added an auditallow for these permissions on 12/11/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: Iaeaef560883b61644625b21e5c7095d4d9c68da9
---
 private/priv_app.te | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/private/priv_app.te b/private/priv_app.te
index f68586aa2..48615b945 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -14,13 +14,6 @@ bluetooth_domain(priv_app)
 # Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
 create_pty(priv_app)
 
-# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
-allow priv_app self:process ptrace;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app self:process ptrace;
-')
-
 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs
 # to be supported for now for the following reasons.