dontaudit su unlabeled:vsock_socket *

Fix for:
  type=1400 audit(): avc: denied { getopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket
  type=1400 audit(): avc: denied { setopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket
  type=1400 audit(): avc: denied { read } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket
  type=1400 audit(): avc: denied { write } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket

Test: now less audit warnings!
Bug: 131268436
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3bd1b2262dc6dcb099403d24611db66aac9aecb0
Merged-In: I3bd1b2262dc6dcb099403d24611db66aac9aecb0
(cherry picked from commit ae68bf23b6)
Maciej Żenczykowski 2019-05-04 01:13:38 -07:00 committed by Maciej Zenczykowski
parent 5a56156bcc
commit 63067284f1

@ -51,6 +51,7 @@ userdebug_or_eng(`
dontaudit su unlabeled:filesystem *;
dontaudit su postinstall_file:filesystem *;
dontaudit su domain:bpf *;
dontaudit su unlabeled:vsock_socket *;
# VTS tests run in the permissive su domain on debug builds, but the HALs
# being tested run in enforcing mode. Because hal_foo_server is enforcing
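
Review bot: The added `dontaudit su unlabeled:vsock_socket *;` line has no comment and uses `*`, while the denials quoted in the commit message cover only getopt, setopt, read and write. The wildcard matches the neighbouring `unlabeled:filesystem *` and `domain:bpf *` rules, so it is consistent in style, but a one-line comment above it saying why vsock sockets appear with the unlabeled tcontext for su would help the next reader of this block. Note also that dontaudit only hides the log entries: the sockets stay unlabeled, so if that labeling is not intended it is worth tracking separately rather than relying on this rule.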