Skip to content
Snippets Groups Projects
Commit 5ee3151a authored by Nick Kralevich's avatar Nick Kralevich
Browse files

exclude init from apk_data_file getattr 

Addresses the following auditallow spam:

avc: granted { getattr } for comm="init"
path="/data/app/com.sling-1/lib/x86/libavcodec-56.so" dev="mmcblk0p11"
ino=32607 scontext=u:r:init:s0 tcontext=u:object_r:apk_data_file:s0
tclass=file

Test: policy compiles.
Change-Id: I81775f8de93f0b4334279e9f5e19d27e6171616f
parent 41b2b432
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
public/domain_deprecated.te
+ 1
1
View file @ 5ee3151a
...@@ -56,7 +56,7 @@ allow domain_deprecated apk_data_file:dir { getattr search }; ...@@ -56,7 +56,7 @@ allow domain_deprecated apk_data_file:dir { getattr search };
allow domain_deprecated apk_data_file:file r_file_perms; allow domain_deprecated apk_data_file:file r_file_perms;
allow domain_deprecated apk_data_file:lnk_file r_file_perms; allow domain_deprecated apk_data_file:lnk_file r_file_perms;
auditallow { domain_deprecated -appdomain -dex2oat -init -installd -system_server } apk_data_file:dir { getattr search }; auditallow { domain_deprecated -appdomain -dex2oat -init -installd -system_server } apk_data_file:dir { getattr search };
auditallow { domain_deprecated -appdomain -dex2oat -installd -system_server } apk_data_file:file r_file_perms; auditallow { domain_deprecated -appdomain -dex2oat -init -installd -system_server } apk_data_file:file r_file_perms;
auditallow { domain_deprecated -appdomain -dex2oat -installd -system_server } apk_data_file:lnk_file r_file_perms; auditallow { domain_deprecated -appdomain -dex2oat -installd -system_server } apk_data_file:lnk_file r_file_perms;
# Read already opened /cache files. # Read already opened /cache files.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment