Exclude isolated_app from ptrace self.

Change-Id: I29136a805d2329806afc9d5d81af934a1803d8e0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-10-03 09:24:59 -04:00 · 2014-10-03 09:24:59 -04:00 · e9623d8fe6
commit e9623d8fe6
parent 38936af0f5
1 changed files with 1 additions and 1 deletions
--- a/app.te
+++ b/app.te
@ -19,7 +19,7 @@ allow appdomain zygote:fd use;
 allow appdomain zygote_exec:file rx_file_perms;

 # gdbserver for ndk-gdb ptrace attaches to app process.
-allow appdomain self:process ptrace;
+allow { appdomain -isolated_app } self:process ptrace;

 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;