app: audit usage of ion ioctls

Test: builds and boots on Bullhead with no selinux audit messages. Bug: 29795149 Bug: 30400942 Change-Id: I93295424a03488234b233d5e2f86d3bf329e53fd

app: audit usage of ion ioctls
Test: builds and boots on Bullhead with no selinux audit messages. Bug: 29795149 Bug: 30400942 Change-Id: I93295424a03488234b233d5e2f86d3bf329e53fd
96a85d12 · Jeff Vander Stoep · cd623e34 · 96a85d12
Commit 96a85d12 authored 8 years ago by Jeff Vander Stoep
--- a/app.te
+++ b/app.te
@@ -239,7 +239,9 @@ allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }

 allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
 # TODO is write really necessary ?
-auditallow { appdomain -isolated_app } ion_device:chr_file { write append };
+auditallow appdomain ion_device:chr_file { write append };
+# TODO audit ion ioctl usage by apps
+auditallow appdomain ion_device:chr_file ioctl;

 # TODO: switch to meminfo service
 allow appdomain proc_meminfo:file r_file_perms;