crash_dump: suppress devpts denials

The following denial caused a presubmit failure:
06-15 15:16:24.176   956   956 I auditd  : type=1400 audit(0.0:4): avc:
denied { read write } for comm="crash_dump64" path="/dev/pts/3"
dev="devpts" ino=6 scontext=u:r:crash_dump:s0
tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0

Suppress these denials. They are not needed by crash_dump and are only
caused by the default behavior of sharing FDs across exec.

Test: build
Change-Id: I183f7a54e6b807fdf46b04d67dd4b819d4f0e507
Jeff Vander Stoep 2019-03-18 10:29:27 -07:00 committed by Jeffrey Vander Stoep
parent a1ce292dbb
commit 60bb29fcdf

@ -1,7 +1,7 @@
typeattribute crash_dump coredomain;
# Crash dump does not need to access devices passed across exec().
dontaudit crash_dump dev_type:chr_file { read write };
dontaudit crash_dump { devpts dev_type }:chr_file { read write };
allow crash_dump {
domain
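Review bot: the comment above the changed dontaudit rule still mentions only "devices passed across exec()", while the rule now lists devpts separately because the denial in the commit message (tcontext=u:object_r:devpts:s0) was not matched by the old dev_type-only rule. Consider extending the comment, for example "# Crash dump does not need to access devices or ptys passed across exec().", so the explicit devpts entry is not later removed as redundant. The permission set { read write } matches the logged denial exactly, which keeps the suppression narrow, and since this is dontaudit rather than allow, access to the inherited FD stays denied.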