crash_dump: dontaudit gpu_device access
And add neverallow so that it's removed from partner policy if it was added there due to denials. Fixes: 124476401 Test: build Change-Id: I16903ba43f34011a0753b5267c35425dc7145f05
This commit is contained in:
parent
ec651944a0
commit
504a654983
@ -1,5 +1,4 @@
|
||||
cppreopts cppreopts capability 79414024
|
||||
crash_dump gpu_device chr_file 124468495
|
||||
dnsmasq netd fifo_file 77868789
|
||||
dnsmasq netd unix_stream_socket 77868789
|
||||
init app_data_file file 77873135
|
||||
|
@ -1,5 +1,8 @@
|
||||
typeattribute crash_dump coredomain;
|
||||
|
||||
# Crash dump does not need to access the GPU.
|
||||
dontaudit crash_dump gpu_device:chr_file *;
|
||||
|
||||
allow crash_dump {
|
||||
domain
|
||||
-apexd
|
||||
@ -41,3 +44,4 @@ neverallow crash_dump {
|
||||
}:process { signal sigstop sigkill };
|
||||
|
||||
neverallow crash_dump self:process ptrace;
|
||||
neverallow crash_dump gpu_device:chr_file *;
|
||||
|
Loading…
Reference in New Issue
Block a user