authorNick Kralevich <nnk@google.com>2014-05-27 15:46:39 -0700
committerNick Kralevich <nnk@google.com>2014-05-27 15:46:39 -0700
commitaf7deffb2c6ef217d0ea95e2e1d06042bc4e8e34 (patch)
tree8fe7f3cd5e624e149b25e295508fdee4c9be045f /su.te
parent0cefb70170fcc2bf88e0fb3737a2dd0680bdb123 (diff)
dontaudit su
Denials generated from the su domain aren't meaningful security warnings, and just serve to confuse people. Don't log them. Change-Id: Id38314d4e7b45062c29bed63df4e50e05e4b131e
Diffstat (limited to 'su.te')
-rw-r--r--su.te23
1 files changed, 23 insertions, 0 deletions
diff --git a/su.te b/su.te
index c17fd0b..8615148 100644
--- a/su.te
+++ b/su.te
@@ -26,4 +26,27 @@ userdebug_or_eng(`
# Make su a net domain.
net_domain(su)
+
+ dontaudit su self:capability_class_set *;
+ dontaudit su kernel:security *;
+ dontaudit su kernel:system *;
+ dontaudit su self:memprotect *;
+ dontaudit su domain:process *;
+ dontaudit su domain:fd *;
+ dontaudit su domain:dir *;
+ dontaudit su domain:lnk_file *;
+ dontaudit su domain:{ fifo_file file } *;
+ dontaudit su domain:socket_class_set *;
+ dontaudit su domain:ipc_class_set *;
+ dontaudit su domain:key *;
+ dontaudit su fs_type:filesystem *;
+ dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
+ dontaudit su node_type:node *;
+ dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
+ dontaudit su netif_type:netif *;
+ dontaudit su port_type:socket_class_set *;
+ dontaudit su port_type:{ tcp_socket dccp_socket } *;
+ dontaudit su domain:peer *;
+ dontaudit su domain:binder *;
+ dontaudit su property_type:property_service *;
')
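Review bot: The added `dontaudit su ... *;` rules have no comment, so the reason for silencing every denial from the su domain is recorded only in the commit message and a reader of su.te sees a blanket audit suppression with no stated scope. I would add a comment above the first rule, right after `net_domain(su)`, such as `# Denials from su are not meaningful security warnings; suppress them. userdebug/eng builds only.` Because each rule uses `*` across the whole class set, a process running in the su domain leaves no AVC records, so the comment should also say that these rules must stay inside `userdebug_or_eng(` and never move to a section that applies to user builds. That block opens before the hunk, so whether su is also marked permissive there cannot be confirmed from the visible lines.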