Merge "Allow gmscore to ptrace itself"

2019-12-12 15:40:37 +00:00 · 2019-12-12 15:40:37 +00:00 · a5328d2614
commit a5328d2614
parent 7e5c0ec673 9ba277df83
2 changed files with 7 additions and 0 deletions
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@ -67,6 +67,9 @@ dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
 # Access the network
 net_domain(gmscore_app)

+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs
 # to be supported for now for the following reasons.
--- a/private/priv_app.te
+++ b/private/priv_app.te
@ -16,6 +16,10 @@ create_pty(priv_app)

 # webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
 allow priv_app self:process ptrace;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app self:process ptrace;
+')

 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs