Skip to content
Snippets Groups Projects
Commit a8a1faae authored by dcashman's avatar dcashman
Browse files

Auditallow untrusted_app procfs access. 

Access to proc is being removed but there are still some consumers.  Add
an auditallow to identify them and adjust labels appropriately before
removal.

Change-Id: I853b79bf0f22a71ea5c6c48641422c2daf247df5
parent d2198770
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
untrusted_app.te
+ 2
0
View file @ a8a1faae
...@@ -96,6 +96,8 @@ dontaudit untrusted_app exec_type:file getattr; ...@@ -96,6 +96,8 @@ dontaudit untrusted_app exec_type:file getattr;
# TODO: access of /proc/meminfo, give specific label or switch to # TODO: access of /proc/meminfo, give specific label or switch to
# using meminfo service # using meminfo service
allow untrusted_app proc:file r_file_perms; allow untrusted_app proc:file r_file_perms;
# https://code.google.com/p/chromium/issues/detail?id=586021
auditallow untrusted_app proc:file r_file_perms;
# access /proc/net/xt_qtguid/stats # access /proc/net/xt_qtguid/stats
r_dir_file(untrusted_app, proc_net) r_dir_file(untrusted_app, proc_net)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment