Audit attempts by rild to create/write to system_data_file.

Audit attempts by rild to create/write to system_data_file with avc: granted messages so that we can identify any such instances and put such directories/files into radio_data_file or some other type and then remove these rules. Change-Id: Ice20fed1733a3f4208d541a4baaa8b6c6f44fbb0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Audit attempts by rild to create/write to system_data_file.
64c0ff00 · Stephen Smalley · Nick Kralevich · 599e71a9 · 64c0ff00
Commit 64c0ff00 authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago
--- a/rild.te
+++ b/rild.te
@@ -23,6 +23,8 @@ allow rild radio_data_file:file create_file_perms;
 allow rild sdcard_type:dir r_dir_perms;
 allow rild system_data_file:dir create_dir_perms;
 allow rild system_data_file:file create_file_perms;
+auditallow rild system_data_file:dir { create reparent rmdir setattr write add_name remove_name };
+auditallow rild system_data_file:file { create setattr write append link unlink rename };
 allow rild system_file:file x_file_perms;
 dontaudit rild self:capability sys_admin;