commit 2ba18e99d8419204221745c2f2741e1f8e852ec8
author Ashwini Oruganti <ashfall@google.com> Thu Jan 09 13:37:30 2020 -0800
committer Ashwini Oruganti <ashfall@google.com> Thu Jan 09 13:37:30 2020 -0800
tree a3daeb3f31b9942f450380a939a1cf1a0b9ce422
parent 0b099c801d19437058f04e7a29c1061de827ba41

priv_app: Remove rules allowing a priv-app to ptrace itself

We added an auditallow for these permissions on 12/11/2019, and have not
seen any recent logs for this in go/sedenials. No other priv-app should
rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: Iaeaef560883b61644625b21e5c7095d4d9c68da9

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index f68586a..48615b9 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -14,13 +14,6 @@
 # Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
 create_pty(priv_app)
 
-# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
-allow priv_app self:process ptrace;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
-  auditallow priv_app self:process ptrace;
-')
-
 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs
 # to be supported for now for the following reasons.