01ee59a7b4
Since it was introduced, it has caused quite a few issues, and it spams the SELinux logs unnecessarily. The end goal of the audit was to whitelist access to the interpreter. However, that is unfeasible for now given the complexity. Test: device boots and everything works as expected; no more auditallow logs Bug: 29795519 Bug: 32871170 Change-Id: I9a7a65835e1e1d3f81be635bed2a3acf75a264f6
# profman
#
# Policy for the profman domain. None of the file rules below grants "open":
# profman gets read/write/lock on objects but cannot open them by path, so it
# can only act on descriptors that some other domain opened (see the installd
# fd rule further down).
# NOTE(review): no transition into the profman domain is declared in this
# file; presumably it is defined in the policy of the launching domain - confirm.
type profman, domain;
# Label carried by the profman executable.
type profman_exec, exec_type, file_type;

# Profile files: getattr/read/write/lock only. Without "open", profman needs
# an already-open descriptor to touch a profile.
allow profman user_profile_data_file:file { getattr read write lock };

# Dumping profile info opens the application APK file for pretty printing.
# NOTE(review): these rules grant "read" but not "open", so the APK is
# presumably handed to profman as an open descriptor - confirm with the caller.
allow profman asec_apk_file:file { read };
allow profman apk_data_file:file { read };
allow profman oemfs:file { read };
# Reading an APK opens a ZipArchive, which unpacks to tmpfs.
allow profman tmpfs:file { read };
# Dump output: write only; no "open" or "create" is granted here, so the
# output file has to exist and be open before profman writes to it.
allow profman profman_dump_data_file:file { write };

# Lets profman use file descriptors that were opened by a process in the
# installd domain. This is the only fd grant in this file; descriptors from
# any other domain need a rule elsewhere.
allow profman installd:fd use;

###
### neverallow rules
###

# Build-time assertion: policy compilation fails if any rule lets profman
# open an app_data_file object of a class in notdevfile_class_set (macro
# defined outside this file). It constrains "open" only, and only the
# app_data_file type; it does not by itself forbid read/write on a
# descriptor passed in, nor open on other types.
neverallow profman app_data_file:notdevfile_class_set open;