Add dontaudit for rs fd usage
These issues pop up on ocassion, and are very hard to diagnose. Since renderscript is deprecated, we shouldn't be seeing any new problems with it, but there isn't pressure to fix these issues as renderscript should go away on it's own eventually. Fixes: 291211299 Test: Boot, no audit statements. Change-Id: I9d595520ecabea562b8e9d4b113bb18db101219a
This commit is contained in:
Alfred Piccioni
parent
1d68b1b2da
commit
dcb9c2b044
1 changed files with 4 additions and 0 deletions
|
|
@ -32,6 +32,10 @@ allow rs same_process_hal_file:file { r_file_perms execute };
|
|||
# File descriptors passed from app to renderscript
|
||||
allow rs { untrusted_app_all ephemeral_app priv_app }:fd use;
|
||||
|
||||
# See b/291211299. Since rs is deprecated, this shouldn't be too dangerous, since new
|
||||
# renderscript usages shouldn't be popping up.
|
||||
dontaudit rs { zygote surfaceflinger hal_graphics_allocator }:fd use;
|
||||
|
||||
# rs can access app data, so ensure it can only be entered via an app domain and cannot have
|
||||
# CAP_DAC_OVERRIDE.
|
||||
neverallow rs rs:capability_class_set *;
|
||||
|
|
|
|||
Loading…
Reference in a new issue