commit 77d4731e9d30c8971e076e2469d6957619019921
author repo sync <gcondra@google.com> Fri May 17 17:11:29 2013 -0700
committer repo sync <gcondra@google.com> Mon May 20 11:08:05 2013 -0700
tree a09ca764a3474bfaf20c0aafee0bf3a907d382fe
parent 42cabf341c8a600a218023ec69b3518e3d3d482c

Make all domains unconfined.

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

debuggerd.te

diff --git a/debuggerd.te b/debuggerd.te
index 131c56c..f78b902 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -4,17 +4,4 @@
 type debuggerd_exec, exec_type, file_type;
 
 init_daemon_domain(debuggerd)
-typeattribute debuggerd mlstrustedsubject;
-allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
-allow debuggerd self:capability2 { syslog };
-allow debuggerd domain:dir r_dir_perms;
-allow debuggerd domain:file r_file_perms;
-allow debuggerd domain:process ptrace;
-security_access_policy(debuggerd)
-allow debuggerd system_data_file:dir create_dir_perms;
-allow debuggerd system_data_file:dir relabelfrom;
-allow debuggerd tombstone_data_file:dir relabelto;
-allow debuggerd tombstone_data_file:dir create_dir_perms;
-allow debuggerd tombstone_data_file:file create_file_perms;
-allow debuggerd domain:process { sigstop signal };
-allow debuggerd exec_type:file r_file_perms;
+unconfined_domain(debuggerd)