tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

suppress su behavior when running lsof

Browse source 
Relevant error logs show up when dumpstate do lsof using su identity:
RunCommand("LIST OF OPEN FILES", {"lsof"}, CommandOptions::AS_ROOT);

This is an intended behavior and the log is useless for debugging so I
suppress them.
Bug: 226717429
Test: do bugreport with relevant error gone.
Change-Id: Ide03315c1189ae2cbfe919566e6b97341c5991bb
This commit is contained in:
Adam Shih 2022-03-28 13:48:23 +08:00
parent 1704f61dcf
commit ae4dbf54d8
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/te_macros
View file

@ -172,6 +172,8 @@ type $1_userfaultfd;
type_transition $1 $1:anon_inode $1_userfaultfd "[userfaultfd]";
# Allow domain to create/use userfaultfd anon_inode.
allow $1 $1_userfaultfd:anon_inode { create ioctl read };
# Suppress errors generate during bugreport
dontaudit su $1_userfaultfd:anon_inode *;
# Other domains may not use userfaultfd anon_inodes created by this domain.
neverallow { domain -$1 } $1_userfaultfd:anon_inode *;
# This domain may not use userfaultfd anon_inodes created by other domains.