    reduce duplicate SELinux rules · 34936824
    Nick Kralevich authored
    When using domain_trans(init, foo_exec, foo), don't add the
    following rule:
    
      allow foo init:process sigchld;
    
    This is already allowed for all domains in domain.te:
    
      # Allow reaping by init.
      allow domain init:process sigchld;
    
    So adding it over and over again is redundant and bloats the
    policy. More specifically, when I run:
    
      sepolicy-analyze out/target/product/bullhead/root/sepolicy dups
    
    this change reduces the number of duplicate policy statements
    from 461 to 389.
    
    Change-Id: I8632e5649a54f63eb1f79ea6405c4b3f515f544c
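
The redundancy described in the commit message, shown as an added example that is not part of the commit, AOSP, or sepolicy-analyze: a simplified text-level check that flags an `allow` rule on a type when a rule on an attribute the type belongs to already grants the same permissions. The sample policy is constructed, and the type `bar` and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample policy: type declarations and allow rules (not from AOSP).
SAMPLE_POLICY = """
type init, domain;
type foo, domain;
type bar, domain;
type foo_exec, exec_type, file_type;
# Allow reaping by init.
allow domain init:process sigchld;
allow foo init:process sigchld;
allow bar init:process { sigchld signal };
allow init foo_exec:file { read execute };
"""

TYPE_RE = re.compile(r"^type\s+(\w+)((?:\s*,\s*\w+)*)\s*;")
ALLOW_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def parse(policy):
    """Return (attribute -> member types, list of (src, tgt, cls, perms, text))."""
    members, rules = defaultdict(set), []
    for line in policy.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if m := TYPE_RE.match(line):
            for attr in re.findall(r"\w+", m.group(2)):
                members[attr].add(m.group(1))
        elif m := ALLOW_RE.match(line):
            perms = frozenset(m.group(4).strip("{}").split())
            rules.append((m.group(1), m.group(2), m.group(3), perms, line))
    return members, rules

def find_redundant(policy):
    """Find per-type allow rules fully covered by an attribute-wide rule."""
    members, rules = parse(policy)
    found = []
    for src, tgt, cls, perms, text in rules:
        if src in members:      # rule is written on an attribute; skip it
            continue
        for a_src, a_tgt, a_cls, a_perms, a_text in rules:
            if (src in members.get(a_src, ()) and (a_tgt, a_cls) == (tgt, cls)
                    and perms <= a_perms):
                found.append((text, a_text))
    return found

if __name__ == "__main__":
    for dup, cover in find_redundant(SAMPLE_POLICY):
        print(f"redundant: {dup}\n  covered by: {cover}")
```

The `bar` rule is not flagged because it also grants `signal`, which the `domain`-wide rule does not cover; only fully covered rules are safe to delete without changing what the policy allows.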