am e468016b: zygote requires setpcap in order to drop from its bounding set. * commit 'e468016b1bd79b505e62fd410f59a03bad8bbe06': zygote requires setpcap in order to drop from its bounding set.

commit: 17e91e8915d5b2463d6bc4da17761fbe8e6edea6 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Tue Feb 19 12:28:38 2013 -0800
committer: Android Git Automerger <android-git-automerger@android.com> Tue Feb 19 12:28:38 2013 -0800
tree: 93219d27935923ff1c3154926f0ecda32d17ab8f
parent: 78ec44500b44e835cd8540c7e1ec9bf80aae76da [diff]
parent: e468016b1bd79b505e62fd410f59a03bad8bbe06 [diff]
diff --git a/zygote.te b/zygote.te
index 3350ce3..743af36 100644
--- a/zygote.te
+++ b/zygote.te

@@ -6,6 +6,8 @@
 typeattribute zygote mlstrustedsubject;
 # Override DAC on files and switch uid/gid.
 allow zygote self:capability { dac_override setgid setuid };
+# Drop capabilities from bounding set.
+allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;
commit	17e91e8915d5b2463d6bc4da17761fbe8e6edea6	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Tue Feb 19 12:28:38 2013 -0800
committer	Android Git Automerger <android-git-automerger@android.com>	Tue Feb 19 12:28:38 2013 -0800
tree	93219d27935923ff1c3154926f0ecda32d17ab8f
parent	78ec44500b44e835cd8540c7e1ec9bf80aae76da [diff]
parent	e468016b1bd79b505e62fd410f59a03bad8bbe06 [diff]