diff options
author | Nick Kralevich <nnk@google.com> | 2015-04-15 17:58:08 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-04-16 08:38:46 -0700 |
commit | 85416e06a522b12874ce0db7a90639b221f00625 (patch) | |
tree | 38c557f0d6b7fea469032f6dd7c4b95d298c42b9 /su.te | |
parent | e96c3abe2e86f3ecdfdb7770629e9f73ff1e96d1 (diff) | |
download | android_external_sepolicy-85416e06a522b12874ce0db7a90639b221f00625.tar.gz android_external_sepolicy-85416e06a522b12874ce0db7a90639b221f00625.tar.bz2 android_external_sepolicy-85416e06a522b12874ce0db7a90639b221f00625.zip |
su.te: add filesystem dontaudit rule
Addresses su denials which occur when mounting filesystems not
defined by policy.
Addresses denials similar to:
avc: denied { mount } for pid=12361 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=1
Change-Id: Ifa0d7c781152f9ebdda9534ac3a04da151f8d78e
Diffstat (limited to 'su.te')
-rw-r--r-- | su.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -49,5 +49,6 @@ userdebug_or_eng(` dontaudit su keystore:keystore_key *; dontaudit su domain:debuggerd *; dontaudit su domain:drmservice *; + dontaudit su unlabeled:filesystem *; service_manager_local_audit_domain(su) ') |