Exclude isolated_app from ptrace self. Change-Id: I29136a805d2329806afc9d5d81af934a1803d8e0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: e9623d8fe698c4600660ec4a7598f0d6cf083e3a [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri Oct 03 09:24:59 2014 -0400
committer: Nick Kralevich <nnk@google.com> Thu Oct 16 23:42:03 2014 +0000
tree: 7965c068d736f32fab400b5133363ba4d9cd2550
parent: 38936af0f5273980679fcb2c6d641768da82068a [diff]
diff --git a/app.te b/app.te
index 827a3be..d03b9aa 100644
--- a/app.te
+++ b/app.te

@@ -19,7 +19,7 @@
 allow appdomain zygote_exec:file rx_file_perms;
 
 # gdbserver for ndk-gdb ptrace attaches to app process.
-allow appdomain self:process ptrace;
+allow { appdomain -isolated_app } self:process ptrace;
 
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;
commit	e9623d8fe698c4600660ec4a7598f0d6cf083e3a	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri Oct 03 09:24:59 2014 -0400
committer	Nick Kralevich <nnk@google.com>	Thu Oct 16 23:42:03 2014 +0000
tree	7965c068d736f32fab400b5133363ba4d9cd2550
parent	38936af0f5273980679fcb2c6d641768da82068a [diff]