system_server: replace sys_resource with sys_ptrace am: 3d8dde0e2e am: dddbd2f3ba am: 5ee080531d am: 6b3ef92103 am: ed21f85552 Change-Id: I629201783c38c41032960e633f2a9f53eeadf8b9

commit: 11cf06299b73d5cc1c86206ca4df42b2421a7c57 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon May 22 22:27:26 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Mon May 22 22:27:26 2017 +0000
tree: adf38ed53f90241cab9bd259698db149ccbb7a50
parent: eb02b9a062246f3fe01884bd5c47a6152c2dc44a [diff]
parent: ed21f855525d294da3343316a5cf9961f90c4e05 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 6a11448..5ada67e 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -62,16 +62,13 @@
     net_raw
     sys_boot
     sys_nice
-    sys_resource
+    sys_ptrace
     sys_time
     sys_tty_config
 };
 
 wakelock_use(system_server)
 
-# Triggered by /proc/pid accesses, not allowed.
-dontaudit system_server self:capability sys_ptrace;
-
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
commit	11cf06299b73d5cc1c86206ca4df42b2421a7c57	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon May 22 22:27:26 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon May 22 22:27:26 2017 +0000
tree	adf38ed53f90241cab9bd259698db149ccbb7a50
parent	eb02b9a062246f3fe01884bd5c47a6152c2dc44a [diff]
parent	ed21f855525d294da3343316a5cf9961f90c4e05 [diff]