don't allow debuggerd to ptrace itself.
It doesn't make any sense for debuggerd to ever attempt to ptrace
itself. A debuggerd crash can't be debugged via debuggerd.
Bug: 28399663
Change-Id: I710d474e89d121385ef423b7bed9673a90e0759b
diff --git a/debuggerd.te b/debuggerd.te
index 0b45fa9..9212d0e 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -9,7 +9,16 @@
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
allow debuggerd domain:lnk_file read;
-allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr };
+allow debuggerd {
+ domain
+ -adbd
+ -debuggerd
+ -healthd
+ -init
+ -keystore
+ -ueventd
+ -watchdogd
+}:process { ptrace getattr };
security_access_policy(debuggerd)
allow debuggerd tombstone_data_file:dir rw_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
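Review bot: The new `-debuggerd` exclusion in the `allow debuggerd { domain ... }:process { ptrace getattr };` rule is not pinned by a neverallow, so a later allow rule or macro could silently grant self-ptrace again. Adding `neverallow debuggerd self:process ptrace;` next to the rule would make the intent a build-time check. The subtraction applies to the whole permission set, so this rule also stops granting `getattr` on debuggerd's own process type, which the commit message does not mention. That permission is presumably still covered by a generic self rule elsewhere in policy, but this hunk does not show it, so it is worth confirming. A one-line comment above the set, such as `# debuggerd cannot debug its own crash; never ptrace self`, would record why the entry is there.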