platform_system_sepolicy/private/auditctl.te
Nick Kralevich c7a3140398 Add policy for /system/bin/auditctl
/system/bin/auditctl is executed by init to set the kernel audit
throttling rate limit. Grant the rules necessary for this to happen.

Test: compiles and boots
Test: Perform an operation which generates lots of SELinux denials,
      and count how many occur before and after the time period.
Bug: 118815957

(cherry picked from commit 622ab8a2ba)

Change-Id: Ie5b4852fa217462557fce192c764305893968454
2019-04-09 20:55:30 -07:00

18 lines
589 B
Text

#
# /system/bin/auditctl executed for logd
#
# Performs maintenance of the kernel auditing system, including
# setting rate limits on SELinux denials.
#
type auditctl, domain, coredomain;
type auditctl_exec, file_type, system_file_type, exec_type;
# Uncomment the line below to put this domain into permissive
# mode. This helps speed SELinux policy development.
# userdebug_or_eng(`permissive auditctl;')
init_daemon_domain(auditctl)
allow auditctl self:global_capability_class_set audit_control;
allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };