Don't emit audit logs for dumpstate->keystore
aosp/1696825 added the ability for dumpstate to signal Keystore on debuggable builds, but this means that there will be an audit denial message on non-debuggable builds. Suppress this, in particular so that the test mentioned below can pass on -user builds. Bug: 269672964 Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenial Change-Id: I68a41f6b94d615f80e4d1490ec4159436693dce2
This commit is contained in:
David Drysdale
parent
6ad15b7c74
commit
e1075f7c0c
1 changed files with 2 additions and 0 deletions
|
|
@ -66,9 +66,11 @@ allow dumpstate {
|
|||
netd
|
||||
}:process signal;
|
||||
|
||||
# Only allow dumpstate to dump Keystore on debuggable builds.
|
||||
userdebug_or_eng(`
|
||||
allow dumpstate keystore:process signal;
|
||||
')
|
||||
dontaudit dumpstate keystore:process { signal };
|
||||
|
||||
# For collecting bugreports.
|
||||
no_debugfs_restriction(`
|
||||
|
|
|
|||
Loading…
Reference in a new issue