Skip to content
Snippets Groups Projects
Commit 30707a45 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

init.te: remove unactionable auditallow statements 

Commit 0d08d472 added two auditallow
statements. The intented purpose of the auditallow statement was:

  auditallow accesses by init to files
  and character devices left in the generic device type so we can monitor
  what is being left there, although it is not necessarily a problem unless
  the file or device should be accessible to others.

As currently written, the auditallow rules aren't actionable. It's not
a problem by itself for init to access a /dev file or chr_file.
Rather, we care about when other domains access such files.

Currently, this generates a number of (expected) audit statements on
boot, which causes unnecessary confusion and makes people believe
that something is broken.

Remove the unactionable auditallow statements.

Change-Id: Ibfe33976505a7dc3f8d15c9eb203c044a39da426
parent 6ae82910
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment