From 85416e06a522b12874ce0db7a90639b221f00625 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 15 Apr 2015 17:58:08 -0700 Subject: [PATCH] su.te: add filesystem dontaudit rule Addresses su denials which occur when mounting filesystems not defined by policy. Addresses denials similar to: avc: denied { mount } for pid=12361 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=1 Change-Id: Ifa0d7c781152f9ebdda9534ac3a04da151f8d78e --- su.te | 1 + 1 file changed, 1 insertion(+) diff --git a/su.te b/su.te index 58c75f643..9c01fc530 100644 --- a/su.te +++ b/su.te @@ -49,5 +49,6 @@ userdebug_or_eng(` dontaudit su keystore:keystore_key *; dontaudit su domain:debuggerd *; dontaudit su domain:drmservice *; + dontaudit su unlabeled:filesystem *; service_manager_local_audit_domain(su) ')