Something went wrong on our end
-
Nick Kralevich authored1) Remove explicit allow statements. Since su is in permmissive, there's no need to ever specify allow statements for su. 2) Remove unconfined_domain(su). Su is already permissive, so there's no need to join the unconfined domain, and it just makes getting rid of unconfined more difficult. 3) Put su into app_domain(). This addresses, in a roundabout sorta way, the following denial: type=1400 audit(0.0:4): avc: denied { setsched } for scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=process permissive=0 which comes up while testing media processes as root. We already put the shell user into this domain, so adding su to this domain ensures other processes can communicate consistently with su spawned processes. Bug: 16261280 Bug: 16298582 (cherry picked from commit 213bb45b) Change-Id: If9c3483184ecdf871efee394c0b696e30f61d15dNick Kralevich authored1) Remove explicit allow statements. Since su is in permmissive, there's no need to ever specify allow statements for su. 2) Remove unconfined_domain(su). Su is already permissive, so there's no need to join the unconfined domain, and it just makes getting rid of unconfined more difficult. 3) Put su into app_domain(). This addresses, in a roundabout sorta way, the following denial: type=1400 audit(0.0:4): avc: denied { setsched } for scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=process permissive=0 which comes up while testing media processes as root. We already put the shell user into this domain, so adding su to this domain ensures other processes can communicate consistently with su spawned processes. Bug: 16261280 Bug: 16298582 (cherry picked from commit 213bb45b) Change-Id: If9c3483184ecdf871efee394c0b696e30f61d15d