Audit attempts by rild to create/write to system_data_file.
Audit attempts by rild to create/write to system_data_file with avc: granted messages so that we can identify any such instances and put such directories/files into radio_data_file or some other type and then remove these rules. Change-Id: Ice20fed1733a3f4208d541a4baaa8b6c6f44fbb0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
Nick Kralevich
parent
599e71a9ba
commit
64c0ff0079
1 changed files with 2 additions and 0 deletions
2
rild.te
2
rild.te
|
|
@ -23,6 +23,8 @@ allow rild radio_data_file:file create_file_perms;
|
|||
allow rild sdcard_type:dir r_dir_perms;
|
||||
allow rild system_data_file:dir create_dir_perms;
|
||||
allow rild system_data_file:file create_file_perms;
|
||||
auditallow rild system_data_file:dir { create reparent rmdir setattr write add_name remove_name };
|
||||
auditallow rild system_data_file:file { create setattr write append link unlink rename };
|
||||
allow rild system_file:file x_file_perms;
|
||||
dontaudit rild self:capability sys_admin;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue