Something went wrong on our end
-
Nick Kralevich authoredThe su domain is always permissive, and will always be permissive. It never makes sense to show su related denials, as they just cause a false sense of alarm. Suppress service_manager related denials. For example: SELinux : avc: denied { find } for service=SurfaceFlinger scontext=u:r:su:s0 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager SELinux : avc: denied { find } for service=activity scontext=u:r:su:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager While I'm here, suppress other recent additionsl to security_classes as well (keystore_key, debuggerd, drmservice) Change-Id: I844ad8da5ada09775646b5f32c9405e7b73797f9Nick Kralevich authoredThe su domain is always permissive, and will always be permissive. It never makes sense to show su related denials, as they just cause a false sense of alarm. Suppress service_manager related denials. For example: SELinux : avc: denied { find } for service=SurfaceFlinger scontext=u:r:su:s0 tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager SELinux : avc: denied { find } for service=activity scontext=u:r:su:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager While I'm here, suppress other recent additionsl to security_classes as well (keystore_key, debuggerd, drmservice) Change-Id: I844ad8da5ada09775646b5f32c9405e7b73797f9