Merge "Allow bugreports to dump the native netd service state." into nyc-dev
diff --git a/domain.te b/domain.te
index 9b2024b..cd7b2fb 100644
--- a/domain.te
+++ b/domain.te
@@ -165,8 +165,18 @@
-vold
} self:capability mknod;
-# Limit raw I/O to these whitelisted domains.
-neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -uncrypt -tee } self:capability sys_rawio;
+# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain')
+ -kernel
+ -init
+ -recovery
+ -ueventd
+ -healthd
+ -uncrypt
+ -tee
+} self:capability sys_rawio;
# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
neverallow * self:memprotect mmap_zero;