crash_dump: suppress denials on properties
Addresses: avc: denied { read } for comm="crash_dump64" name="u:object_r:bluetooth_prop:s0" dev="tmpfs" ino=17280 scontext=u:r:crash_dump:s0 tcontext=u:object_r:bluetooth_prop:s0 tclass=file Test: build Change-Id: I176038ea6add34b5277305073a20f9c1a930e74b
This commit is contained in:
parent
87988fa6a6
commit
44f06601e8
@ -50,13 +50,14 @@ allow crash_dump tombstone_data_file:file { append getattr };
|
||||
# which is super useful in some cases.
|
||||
unix_socket_connect(crash_dump, logdr, logd)
|
||||
|
||||
# Crash dump is not intended to access the following data types. Since these
|
||||
# Crash dump is not intended to access the following files. Since these
|
||||
# are WAI, suppress the denials to clean up the logs.
|
||||
dontaudit crash_dump {
|
||||
core_data_file_type
|
||||
vendor_file_type
|
||||
}:dir search;
|
||||
dontaudit crash_dump system_data_file:file read;
|
||||
dontaudit crash_dump property_type:file read;
|
||||
|
||||
###
|
||||
### neverallow assertions
|
||||
|
Loading…
Reference in New Issue
Block a user