crash_dump: don't allow CAP_SYS_PTRACE or CAP_KILL. am: 4d140237b5 am: d583a83327 Change-Id: I40a8da8b67dc54552cae42529c9b51cb25da6290

commit: 9805f2cde3b65de7dad8791b04780a413b6e57ca [log] [tgz]
author: Josh Gao <jmgao@google.com> Mon Feb 06 18:53:12 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Mon Feb 06 18:53:12 2017 +0000
tree: a455d5f4d3681a6d75a581039fe58af1f6077aa7
parent: 3d1e5959b4e1aaf8875d8e1639525816f9dac48b [diff]
parent: d583a83327a75df25670482fa201f64582d5b30e [diff]
diff --git a/public/crash_dump.te b/public/crash_dump.te
index e117176..f70b481 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te

@@ -1,7 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump self:capability { sys_ptrace kill };
 allow crash_dump {
   domain
   -init
commit	9805f2cde3b65de7dad8791b04780a413b6e57ca	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Mon Feb 06 18:53:12 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon Feb 06 18:53:12 2017 +0000
tree	a455d5f4d3681a6d75a581039fe58af1f6077aa7
parent	3d1e5959b4e1aaf8875d8e1639525816f9dac48b [diff]
parent	d583a83327a75df25670482fa201f64582d5b30e [diff]