exclude su from app auditallow (e0d5c532) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit e0d5c532 authored 8 years ago by Nick Kralevich

exclude su from app auditallow

su is an appdomain, and as such, any auditallow statements applicable to
appdomain also apply to su. However, su is never enforced, so generating
SELinux denials for such domains is pointless. Exclude su from
ion_device auditallow rules.

Addresses the following auditallow spam:

  avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs"
  ino=10230 ioctlcmd=4906 scontext=u:r:su:s0
  tcontext=u:object_r:ion_device:s0 tclass=chr_file

Test: policy compiles
Change-Id: I2e783624b9e53ad365669bd6f2d4db40da475a16

parent 4c7044e0

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 2 additions and 2 deletions

Please register or to comment