Skip to content
Snippets Groups Projects
Commit 34936824 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

reduce duplicate SELinux rules 

When using domain_trans(init, foo_exec, foo), don't add the
following rule:

  allow foo init:process sigchld;

This is already allowed for all domains in domain.te:

  # Allow reaping by init.
  allow domain init:process sigchld;

So adding it over and over again is redundant and bloats the
policy. More specifically, when I run:

  sepolicy-analyze out/target/product/bullhead/root/sepolicy dups

this change reduces the number of duplicate policy statements
from 461 to 389.

Change-Id: I8632e5649a54f63eb1f79ea6405c4b3f515f544c
parent a00ed2b2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment