PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove dumpstate selinux spam from logs

Browse Source 
Addresses:
avc: granted { read } for name="pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for path="/proc/sys/fs/pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file

Test: build policy
Change-Id: I7d8721c73c4f3c51b3885a97c697510e61d1221b
(cherry picked from commit f44002b378)
This commit is contained in:
Jeff Vander Stoep 2017-06-07 09:25:11 -07:00
parent ca5bb3371d
commit f4ce8f6c06
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/domain_deprecated.te
View File

@ -159,6 +159,7 @@ allow domain_deprecated proc_meminfo:file r_file_perms;
userdebug_or_eng(`
auditallow {
domain_deprecated
-dumpstate
-fsck
-fsck_untrusted
-rild
@ -169,6 +170,7 @@ auditallow {
} proc:file r_file_perms;
auditallow {
domain_deprecated
-dumpstate
-fsck
-fsck_untrusted
-rild
@ -177,6 +179,7 @@ auditallow {
} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
auditallow {
domain_deprecated
-dumpstate
-fingerprintd
-healthd
-netd

3
public/dumpstate.te
View File

@ -136,8 +136,9 @@ read_logd(dumpstate)
control_logd(dumpstate)
read_runtime_log_tags(dumpstate)
# Read /proc/net
# Read /proc and /proc/net
allow dumpstate proc_net:file r_file_perms;
r_dir_file(dumpstate, proc)
# Read network state info files.
allow dumpstate net_data_file:dir search;