Merge "init.te: allow creating kernel audit entries"

Treehugger Robot 2017-01-03 23:24:47 +00:00 committed by Gerrit Code Review
commit 11c1b18f61


@ -277,6 +277,12 @@ allow init property_data_file:file create_file_perms;
# Set any property. # Set any property.
allow init property_type:property_service set; allow init property_type:property_service set;
# Send an SELinux userspace denial to the kernel audit subsystem,
# so it can be picked up and processed by logd. These denials are
# generated when an attempt to set a property is denied by policy.
allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
allow init self:capability audit_write;
# Run "ifup lo" to bring up the localhost interface # Run "ifup lo" to bring up the localhost interface
allow init self:udp_socket { create ioctl }; allow init self:udp_socket { create ioctl };
# in addition to unpriv ioctls granted to all domains, init also needs: # in addition to unpriv ioctls granted to all domains, init also needs:
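Review bot: The new comment above `allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };` explains why init needs to emit audit records, but it does not record where the grant is meant to stop. The macro covers the full non-ioctl socket permission set, and a later edit could add audit configuration access without anyone noticing that it goes beyond "send a denial". I would extend the comment with a line such as `# Emit-only: nlmsg_write, nlmsg_readpriv and capability audit_control are intentionally not granted.` so the least-privilege intent is explicit. If the policy does not already have a neverallow covering those permissions for init (not visible in this hunk), one would let the compiler enforce it.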