From ae68bf23b661232776204bd86fba95bfb986635f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= Date: Sat, 4 May 2019 01:13:38 -0700 Subject: [PATCH] dontaudit su unlabeled:vsock_socket * MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix for: type=1400 audit(): avc: denied { getopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { setopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { read } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { write } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket Test: now less audit warnings! Signed-off-by: Maciej Żenczykowski Change-Id: I3bd1b2262dc6dcb099403d24611db66aac9aecb0 --- public/su.te | 1 + 1 file changed, 1 insertion(+) diff --git a/public/su.te b/public/su.te index 346b1fe98..a2f435e17 100644 --- a/public/su.te +++ b/public/su.te @@ -51,6 +51,7 @@ userdebug_or_eng(` dontaudit su unlabeled:filesystem *; dontaudit su postinstall_file:filesystem *; dontaudit su domain:bpf *; + dontaudit su unlabeled:vsock_socket *; # VTS tests run in the permissive su domain on debug builds, but the HALs # being tested run in enforcing mode. Because hal_foo_server is enforcing