From 616c787b531acf899a0b15352506d3472a6c3609 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Fri, 6 Feb 2015 14:35:47 -0800
Subject: [PATCH] Remove service_manager_type auditing of shell source domain.

The shell domain is already allowed to list and find all service_manager
objects, so extra auditing is pointless.

Bug: 18106000
Change-Id: I8dbf674fa7ea7b05e48e5bbc352b0c9593f2b627
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 1aa99594b..4c35f0c8c 100644
--- a/domain.te
+++ b/domain.te
@@ -167,7 +167,7 @@ allow domain asec_public_file:file r_file_perms;
 allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 
 # log all access to specified system_server services
-auditallow { domain -service_manager_local_audit } tmp_system_server_service:service_manager {list find };
+auditallow { domain -shell -service_manager_local_audit } tmp_system_server_service:service_manager {list find };
 
 ###
 ### neverallow rules
-- 
GitLab