Skip to content
Snippets Groups Projects
Commit bf254b46 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

su.te: suppress service_manager related denials. 

The su domain is always permissive, and will always be permissive.
It never makes sense to show su related denials, as they just cause
a false sense of alarm.

Suppress service_manager related denials. For example:

  SELinux : avc:  denied  { find } for service=SurfaceFlinger scontext=u:r:su:s0 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
  SELinux : avc:  denied  { find } for service=activity scontext=u:r:su:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager

While I'm here, suppress other recent additionsl to security_classes as
well (keystore_key, debuggerd, drmservice)

Change-Id: I844ad8da5ada09775646b5f32c9405e7b73797f9
parent 4fc3780a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment