dontaudit su
Denials generated from the su domain aren't meaningful security warnings, and just serve to confuse people. Don't log them. Change-Id: Id38314d4e7b45062c29bed63df4e50e05e4b131e
This commit is contained in:
Nick Kralevich
parent
0cefb70170
commit
af7deffb2c
1 changed files with 23 additions and 0 deletions
23
su.te
23
su.te
|
|
@ -26,4 +26,27 @@ userdebug_or_eng(`
|
|||
|
||||
# Make su a net domain.
|
||||
net_domain(su)
|
||||
|
||||
dontaudit su self:capability_class_set *;
|
||||
dontaudit su kernel:security *;
|
||||
dontaudit su kernel:system *;
|
||||
dontaudit su self:memprotect *;
|
||||
dontaudit su domain:process *;
|
||||
dontaudit su domain:fd *;
|
||||
dontaudit su domain:dir *;
|
||||
dontaudit su domain:lnk_file *;
|
||||
dontaudit su domain:{ fifo_file file } *;
|
||||
dontaudit su domain:socket_class_set *;
|
||||
dontaudit su domain:ipc_class_set *;
|
||||
dontaudit su domain:key *;
|
||||
dontaudit su fs_type:filesystem *;
|
||||
dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
|
||||
dontaudit su node_type:node *;
|
||||
dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
|
||||
dontaudit su netif_type:netif *;
|
||||
dontaudit su port_type:socket_class_set *;
|
||||
dontaudit su port_type:{ tcp_socket dccp_socket } *;
|
||||
dontaudit su domain:peer *;
|
||||
dontaudit su domain:binder *;
|
||||
dontaudit su property_type:property_service *;
|
||||
')
|
||||
|
|
|
|||
Loading…
Reference in a new issue