From 28ddd1042a2064f02cb55844180b9cafbce9e1c6 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 25 Feb 2015 09:43:59 -0800
Subject: [PATCH] su: don't auditallow service_manager for su

Addresses the following auditallow messages:

  avc: granted { find } for service=accessibility scontext=u:r:su:s0 tcontext=u:object_r:accessibility_service:s0 tclass=service_manager
  avc: granted { find } for service=activity scontext=u:r:su:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager
  avc: granted { find } for service=package scontext=u:r:su:s0 tcontext=u:object_r:package_service:s0 tclass=service_manager
  avc: granted { find } for service=user scontext=u:r:su:s0 tcontext=u:object_r:user_service:s0 tclass=service_manager
  avc: granted { find } for service=window scontext=u:r:su:s0 tcontext=u:object_r:window_service:s0 tclass=service_manager

Change-Id: Ie58ad3347e9ef1aacd39670cfec7d095875e237b
---
 su.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/su.te b/su.te
index dab52103c..58c75f643 100644
--- a/su.te
+++ b/su.te
@@ -49,4 +49,5 @@ userdebug_or_eng(`
   dontaudit su keystore:keystore_key *;
   dontaudit su domain:debuggerd *;
   dontaudit su domain:drmservice *;
+  service_manager_local_audit_domain(su)
 ')
-- 
GitLab