Merge "Get rid of more auditallow spam" am: 82b9182ef3
am: fa418650d2
am: ce35d13319
am: 324efbce57
Change-Id: I3d9a5329304d2d1287a1143d5a20318b32616691
commit
69103378b1
2 changed files with 36 additions and 2 deletions
|
@ -79,6 +79,7 @@ auditallow {
|
||||||
-debuggerd
|
-debuggerd
|
||||||
-dex2oat
|
-dex2oat
|
||||||
-dumpstate
|
-dumpstate
|
||||||
|
-init
|
||||||
-installd
|
-installd
|
||||||
-system_server
|
-system_server
|
||||||
-zygote
|
-zygote
|
||||||
|
@ -115,8 +116,38 @@ auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -pr
|
||||||
auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -priv_app -rild -system_app -surfaceflinger -system_server -tee -ueventd -vold -wpa } sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
|
auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -priv_app -rild -system_app -surfaceflinger -system_server -tee -ueventd -vold -wpa } sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
|
||||||
auditallow domain_deprecated inotify:dir r_dir_perms;
|
auditallow domain_deprecated inotify:dir r_dir_perms;
|
||||||
auditallow domain_deprecated inotify:{ file lnk_file } r_file_perms;
|
auditallow domain_deprecated inotify:{ file lnk_file } r_file_perms;
|
||||||
auditallow { domain_deprecated -appdomain -fingerprintd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:dir r_dir_perms;
|
auditallow {
|
||||||
auditallow { domain_deprecated -appdomain -fingerprintd -healthd -init -inputflinger -installd -keystore -netd -rild -surfaceflinger -system_server -zygote } cgroup:{ file lnk_file } r_file_perms;
|
domain_deprecated
|
||||||
|
-appdomain
|
||||||
|
-dumpstate
|
||||||
|
-fingerprintd
|
||||||
|
-healthd
|
||||||
|
-init
|
||||||
|
-inputflinger
|
||||||
|
-installd
|
||||||
|
-keystore
|
||||||
|
-netd
|
||||||
|
-rild
|
||||||
|
-surfaceflinger
|
||||||
|
-system_server
|
||||||
|
-zygote
|
||||||
|
} cgroup:dir r_dir_perms;
|
||||||
|
auditallow {
|
||||||
|
domain_deprecated
|
||||||
|
-appdomain
|
||||||
|
-dumpstate
|
||||||
|
-fingerprintd
|
||||||
|
-healthd
|
||||||
|
-init
|
||||||
|
-inputflinger
|
||||||
|
-installd
|
||||||
|
-keystore
|
||||||
|
-netd
|
||||||
|
-rild
|
||||||
|
-surfaceflinger
|
||||||
|
-system_server
|
||||||
|
-zygote
|
||||||
|
} cgroup:{ file lnk_file } r_file_perms;
|
||||||
auditallow { domain_deprecated -appdomain -init -priv_app -surfaceflinger -system_server -vold } proc_meminfo:file r_file_perms;
|
auditallow { domain_deprecated -appdomain -init -priv_app -surfaceflinger -system_server -vold } proc_meminfo:file r_file_perms;
|
||||||
auditallow { domain_deprecated -appdomain -clatd -init -netd -system_server -vold -wpa -zygote } proc_net:dir { open getattr read ioctl lock }; # search granted in domain
|
auditallow { domain_deprecated -appdomain -clatd -init -netd -system_server -vold -wpa -zygote } proc_net:dir { open getattr read ioctl lock }; # search granted in domain
|
||||||
auditallow {
|
auditallow {
|
||||||
|
|
|
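Review bot: The `-init` exclusion added to the `auditallow { ... }` set in the first hunk has no matching explicit allow for init anywhere in this commit, whereas the `-dumpstate` exclusions on the two cgroup rules are paired with `r_dir_file(dumpstate, cgroup)` in the other file. That statement starts before the hunk and ends after it, so its target type and permissions are not visible and I cannot tell which access stops being logged. If init's own policy does not already grant it, init would keep relying on domain_deprecated with no audit record, and would lose the access when the attribute is removed. Please confirm the explicit grant exists and note it next to the exclusion in the style the file already uses, e.g. `# granted in init's own policy`.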
@ -95,6 +95,9 @@ allow dumpstate { storage_file block_device }:dir { search getattr };
|
||||||
allow dumpstate fuse_device:chr_file getattr;
|
allow dumpstate fuse_device:chr_file getattr;
|
||||||
allow dumpstate { dm_device cache_block_device }:blk_file getattr;
|
allow dumpstate { dm_device cache_block_device }:blk_file getattr;
|
||||||
|
|
||||||
|
# Read /dev/cpuctl and /dev/cpuset
|
||||||
|
r_dir_file(dumpstate, cgroup)
|
||||||
|
|
||||||
# Allow dumpstate to make binder calls to any binder service
|
# Allow dumpstate to make binder calls to any binder service
|
||||||
binder_call(dumpstate, binderservicedomain)
|
binder_call(dumpstate, binderservicedomain)
|
||||||
binder_call(dumpstate, { appdomain ephemeral_app netd wificond })
|
binder_call(dumpstate, { appdomain ephemeral_app netd wificond })
|
||||||
|
|
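Review bot: The comment above `r_dir_file(dumpstate, cgroup)` names two paths but not why the rule is needed. The grant looks like a copy of access dumpstate presumably already has through domain_deprecated, since the other file stops auditing exactly this dir/file/lnk_file read for dumpstate. I would say that in the comment so the rule is not later dropped as redundant, e.g. `# Read /dev/cpuctl and /dev/cpuset; explicit grant replacing the one inherited from domain_deprecated`. The rule is type-based, so it covers every object labelled `cgroup` rather than only those two paths; the comment could present them as examples.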