From 64c0ff007934495105c95954452f4cc1dcada4b3 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 13 Mar 2014 08:41:40 -0400
Subject: [PATCH] Audit attempts by rild to create/write to system_data_file.

Audit attempts by rild to create/write to system_data_file
with avc:  granted messages so that we can identify any such
instances and put such directories/files into radio_data_file or
some other type and then remove these rules.

Change-Id: Ice20fed1733a3f4208d541a4baaa8b6c6f44fbb0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 rild.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rild.te b/rild.te
index 4704197db..5bc267a77 100644
--- a/rild.te
+++ b/rild.te
@@ -23,6 +23,8 @@ allow rild radio_data_file:file create_file_perms;
 allow rild sdcard_type:dir r_dir_perms;
 allow rild system_data_file:dir create_dir_perms;
 allow rild system_data_file:file create_file_perms;
+auditallow rild system_data_file:dir { create reparent rmdir setattr write add_name remove_name };
+auditallow rild system_data_file:file { create setattr write append link unlink rename };
 allow rild system_file:file x_file_perms;
 dontaudit rild self:capability sys_admin;
 
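Review bot: The directory `auditallow` on the first added line lists `reparent` and `rmdir` but not `rename`, while the file rule on the next added line does include `rename`. If `create_dir_perms` grants `rename` on directories (the macro definition is not visible in this hunk), a directory rename by rild under system_data_file would be granted with no `avc: granted` record, so that usage could be missed before the allow rules are removed. Consider `auditallow rild system_data_file:dir { create reparent rename rmdir setattr write add_name remove_name };`. The policy file itself also gives no hint that these rules are temporary; a comment above them such as `# Temporary: audit rild writes to system_data_file so they can be relabeled; remove together with the two allow rules above.` would keep that intent next to the rules rather than only in the commit message.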
-- 
GitLab