Skip to content
Snippets Groups Projects
Commit 63b98b17 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

restore system_server zygote socket rules 

16011320 removed the getattr/getopt
support for system_server, which is needed to close the zygote socket.
See b/12061011 for details.

system_server still needs this rule, and it's expected to stay
permanently. Restore the rule and remove the comment about it eventually
being deleted.

Addresses the following denials:

<5>[   86.307639] type=1400 audit(1393376281.530:5): avc:  denied  { getattr } for  pid=656 comm="main" path="socket:[7195]" dev=sockfs ino=7195 scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket
<5>[   86.307945] type=1400 audit(1393376281.530:6): avc:  denied  { getopt } for  pid=656 comm="main" path="/dev/socket/zygote" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket

Bug: 12114500
Change-Id: I47033766dea3ba2fdaa8ce9b4251370bd64aea6d
parent f197f8ce
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment