exclude su from transitioning to crash_dump domain
When /system/bin/crash_dump is executed from the su domain, do not
perform a domain transition. This allows processes run from that domain
to crash normally without SELinux interfering.
Bug: 114136122
Test: cferris: "This change works for me. I ran the crasher executable on
/data, /data/nativetest, /data/nativetest64 (and even /data/local/tmp).
All of them show that crash_dump can read the executables."
Change-Id: Ic135d61b11774acff37ebfb35831497cddbefdef
diff --git a/private/domain.te b/private/domain.te
index 5c6fec8..5fcc1fd 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1,6 +1,8 @@
# Transition to crash_dump when /system/bin/crash_dump* is executed.
# This occurs when the process crashes.
-domain_auto_trans(domain, crash_dump_exec, crash_dump);
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
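Review bot: The comment added above the new domain_auto_trans line gives the reason for excluding su but not the scope or the effect. Because `-su` is wrapped in userdebug_or_eng(), the exclusion exists only on userdebug and eng builds, and on user builds the rule still covers every domain as before. With the transition skipped, /system/bin/crash_dump started from su stays in the su domain instead of running under the crash_dump policy. Suggest stating both points in the comment, for example "On userdebug/eng builds, crash_dump executed from su stays in su", so a later reader does not take this for a change to user builds. The Test: line covers crasher binaries under /data; it would also help to note there that a crash from a non-su domain was checked and still transitions to crash_dump.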