tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "suppress su behavior when running lsof"

Browse source
This commit is contained in:
Adam Shih 2022-03-29 05:17:26 +00:00 committed by Gerrit Code Review
commit 8296a542fe
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/te_macros
View file

@ -172,6 +172,8 @@ type $1_userfaultfd;
type_transition $1 $1:anon_inode $1_userfaultfd "[userfaultfd]";
# Allow domain to create/use userfaultfd anon_inode.
allow $1 $1_userfaultfd:anon_inode { create ioctl read };
# Suppress errors generate during bugreport
dontaudit su $1_userfaultfd:anon_inode *;
# Other domains may not use userfaultfd anon_inodes created by this domain.
neverallow { domain -$1 } $1_userfaultfd:anon_inode *;
# This domain may not use userfaultfd anon_inodes created by other domains.