su.te: add filesystem dontaudit rule

Addresses su denials which occur when mounting filesystems not
defined by policy.

Addresses denials similar to:

  avc: denied { mount } for pid=12361 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=1

Change-Id: Ifa0d7c781152f9ebdda9534ac3a04da151f8d78e
This commit is contained in:
Nick Kralevich 2015-04-15 17:58:08 -07:00
parent e96c3abe2e
commit 85416e06a5

1
su.te
View file

@ -49,5 +49,6 @@ userdebug_or_eng(`
dontaudit su keystore:keystore_key *; dontaudit su keystore:keystore_key *;
dontaudit su domain:debuggerd *; dontaudit su domain:debuggerd *;
dontaudit su domain:drmservice *; dontaudit su domain:drmservice *;
dontaudit su unlabeled:filesystem *;
service_manager_local_audit_domain(su) service_manager_local_audit_domain(su)
') ')