Remove dumpstate selinux spam from logs
Addresses:
avc: granted { read } for name="pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for path="/proc/sys/fs/pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
Test: build policy
Change-Id: I7d8721c73c4f3c51b3885a97c697510e61d1221b
(cherry picked from commit f44002b378
)
This commit is contained in:
parent
ca5bb3371d
commit
f4ce8f6c06
@ -159,6 +159,7 @@ allow domain_deprecated proc_meminfo:file r_file_perms;
|
||||
userdebug_or_eng(`
|
||||
auditallow {
|
||||
domain_deprecated
|
||||
-dumpstate
|
||||
-fsck
|
||||
-fsck_untrusted
|
||||
-rild
|
||||
@ -169,6 +170,7 @@ auditallow {
|
||||
} proc:file r_file_perms;
|
||||
auditallow {
|
||||
domain_deprecated
|
||||
-dumpstate
|
||||
-fsck
|
||||
-fsck_untrusted
|
||||
-rild
|
||||
@ -177,6 +179,7 @@ auditallow {
|
||||
} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
|
||||
auditallow {
|
||||
domain_deprecated
|
||||
-dumpstate
|
||||
-fingerprintd
|
||||
-healthd
|
||||
-netd
|
||||
|
@ -136,8 +136,9 @@ read_logd(dumpstate)
|
||||
control_logd(dumpstate)
|
||||
read_runtime_log_tags(dumpstate)
|
||||
|
||||
# Read /proc/net
|
||||
# Read /proc and /proc/net
|
||||
allow dumpstate proc_net:file r_file_perms;
|
||||
r_dir_file(dumpstate, proc)
|
||||
|
||||
# Read network state info files.
|
||||
allow dumpstate net_data_file:dir search;
|
||||
|
Loading…
Reference in New Issue
Block a user