Skip to content
Snippets Groups Projects
Commit 13e44ec7 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

allow system_server block_suspend 

I'm only seeing this denial on one device (manta), but it feels like
it should be part of the generic policy. I don't understand
why it's happening on only one device.

Addresses the following denial:

14.711671   type=1400 audit(1387474628.570:6): avc:  denied  { block_suspend } for  pid=533 comm="InputReader" capability=36  scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability2

Change-Id: If4b28b6f42ca92c0e2cacfad75c8cbe023b0fa47
parent 815e9813
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
system_server.te
+ 2
0
View file @ 13e44ec7
...@@ -37,6 +37,8 @@ allow system_server self:capability { ...@@ -37,6 +37,8 @@ allow system_server self:capability {
sys_tty_config sys_tty_config
}; };
allow system_server self:capability2 block_suspend;
# Triggered by /proc/pid accesses, not allowed. # Triggered by /proc/pid accesses, not allowed.
dontaudit system_server self:capability sys_ptrace; dontaudit system_server self:capability sys_ptrace;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment