crash_dump: suppress denials on properties
Addresses: avc: denied { read } for comm="crash_dump64" name="u:object_r:bluetooth_prop:s0" dev="tmpfs" ino=17280 scontext=u:r:crash_dump:s0 tcontext=u:object_r:bluetooth_prop:s0 tclass=file Test: build Change-Id: I176038ea6add34b5277305073a20f9c1a930e74b
This commit is contained in:
parent
87988fa6a6
commit
44f06601e8
@ -50,13 +50,14 @@ allow crash_dump tombstone_data_file:file { append getattr };
|
|||||||
# which is super useful in some cases.
|
# which is super useful in some cases.
|
||||||
unix_socket_connect(crash_dump, logdr, logd)
|
unix_socket_connect(crash_dump, logdr, logd)
|
||||||
|
|
||||||
# Crash dump is not intended to access the following data types. Since these
|
# Crash dump is not intended to access the following files. Since these
|
||||||
# are WAI, suppress the denials to clean up the logs.
|
# are WAI, suppress the denials to clean up the logs.
|
||||||
dontaudit crash_dump {
|
dontaudit crash_dump {
|
||||||
core_data_file_type
|
core_data_file_type
|
||||||
vendor_file_type
|
vendor_file_type
|
||||||
}:dir search;
|
}:dir search;
|
||||||
dontaudit crash_dump system_data_file:file read;
|
dontaudit crash_dump system_data_file:file read;
|
||||||
|
dontaudit crash_dump property_type:file read;
|
||||||
|
|
||||||
###
|
###
|
||||||
### neverallow assertions
|
### neverallow assertions
|
||||||
|
Loading…
Reference in New Issue
Block a user