drop "allow healthd self:process execmem;"
The execmem capability indicates that the process creates anonymous
executable memory, which is most commonly used for JITing functionality.
All of the healthd executable code comes from the filesystem, and
healthd does not rely on JITing or loading code from non-file based
sources, so this permission is unnecessary.
Bug: 32659667
Test: compiles and boots
Change-Id: Ifb2b68625b191cb002dbb134cace6ddd215236e8
diff --git a/public/healthd.te b/public/healthd.te
index 5fe4add..7ea23e1 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -46,7 +46,6 @@
allow healthd input_device:chr_file r_file_perms;
allow healthd tty_device:chr_file rw_file_perms;
allow healthd ashmem_device:chr_file execute;
-allow healthd self:process execmem;
allow healthd proc_sysrq:file rw_file_perms;
# Healthd needs to tell init to continue the boot
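Review bot: The context line `allow healthd ashmem_device:chr_file execute;` directly above the removed rule is left in place, so healthd can still map ashmem regions as executable, which sits oddly with the commit message's statement that all healthd code comes from the filesystem. Either drop that rule as well (here or in a follow-up) or add a comment saying what depends on it. To keep execmem from being re-granted later, consider adding `neverallow healthd self:process execmem;` to this file. The stated test, "compiles and boots", does not show that healthd's code paths were exercised with the rule gone; checking the audit log for healthd avc denials after boot would make the test line stronger.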