Ensure crash_dump cannot be allowed to ptrace itself. This is not needed and could conceivably be abused. Test: Builds. Bug: 110107376 Change-Id: I73f301439af435fe40b3902409964cdf6e2c7dd5

commit: b9cb73ad4e779f8b5dfb1ad09541d97e777ca672 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Mon Sep 03 17:27:54 2018 +0100
committer: Alan Stokes <alanstokes@google.com> Mon Sep 03 17:27:54 2018 +0100
tree: 1456131ca5ded91a6111f74f312d3b0f1f4c77b8
parent: e0db1651e6444a62cf76b9792caf0f11d76fc864 [diff]
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 186977f..a50740e 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te

@@ -24,3 +24,5 @@
   vendor_init
   vold
 }:process { ptrace signal sigstop sigkill };
+
+neverallow crash_dump self:process ptrace;
commit	b9cb73ad4e779f8b5dfb1ad09541d97e777ca672	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Mon Sep 03 17:27:54 2018 +0100
committer	Alan Stokes <alanstokes@google.com>	Mon Sep 03 17:27:54 2018 +0100
tree	1456131ca5ded91a6111f74f312d3b0f1f4c77b8
parent	e0db1651e6444a62cf76b9792caf0f11d76fc864 [diff]