su.te: add filesystem dontaudit rule
Addresses su denials which occur when mounting filesystems not defined by policy. Addresses denials similar to: avc: denied { mount } for pid=12361 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=1 Change-Id: Ifa0d7c781152f9ebdda9534ac3a04da151f8d78e
This commit is contained in:
parent
e96c3abe2e
commit
85416e06a5
1 changed files with 1 additions and 0 deletions
1
su.te
1
su.te
|
@ -49,5 +49,6 @@ userdebug_or_eng(`
|
||||||
dontaudit su keystore:keystore_key *;
|
dontaudit su keystore:keystore_key *;
|
||||||
dontaudit su domain:debuggerd *;
|
dontaudit su domain:debuggerd *;
|
||||||
dontaudit su domain:drmservice *;
|
dontaudit su domain:drmservice *;
|
||||||
|
dontaudit su unlabeled:filesystem *;
|
||||||
service_manager_local_audit_domain(su)
|
service_manager_local_audit_domain(su)
|
||||||
')
|
')
|
||||||
|
|
Loading…
Reference in a new issue