Commit 6d8a876a authored by Jeff Vander Stoep

Suppress denials for non-API access

avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:proc_version:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:wifi_prop:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:net_dns_prop:s0 tclass=file

Bug: 72151306
Test: build
Change-Id: I4b658ccd128746356f635ca7955385a89609eea1
parent 97753529
...@@ -122,11 +122,14 @@ allow priv_app traced:fd use; ...@@ -122,11 +122,14 @@ allow priv_app traced:fd use;
allow priv_app traced_tmpfs:file { read write getattr map }; allow priv_app traced_tmpfs:file { read write getattr map };
unix_socket_connect(priv_app, traced_producer, traced) unix_socket_connect(priv_app, traced_producer, traced)
# suppress denials when safetynet scans /system # suppress denials for non-API accesses.
dontaudit priv_app exec_type:file getattr; dontaudit priv_app exec_type:file getattr;
dontaudit priv_app device:dir read; dontaudit priv_app device:dir read;
dontaudit priv_app proc_interrupts:file read; dontaudit priv_app proc_interrupts:file read;
dontaudit priv_app proc_modules:file read; dontaudit priv_app proc_modules:file read;
dontaudit priv_app proc_version:file read;
dontaudit priv_app wifi_prop:file read;
dontaudit priv_app net_dns_prop:file read;
# allow privileged apps to use UDP sockets provided by the system server but not # allow privileged apps to use UDP sockets provided by the system server but not
# modify them other than to connect # modify them other than to connect
......
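Review bot: The rewritten comment above the dontaudit block ("suppress denials for non-API accesses.") no longer says who performs these accesses or why they are expected, and the three new rules (proc_version, wifi_prop, net_dns_prop) carry no pointer back to the denials that motivated them. Since dontaudit applies to every process in the priv_app domain, any read attempt on these three types from any privileged app will stop appearing in the audit log, not only the ones quoted in the commit message. Consider keeping the safetynet rationale on the four existing rules and adding a short comment on the new ones that names the expected caller and cites Bug: 72151306, so a later reader can tell whether a suppression is still needed. It is also worth confirming that read is the only permission denied here; the rules suppress read alone, so any open or getattr denial on the same types would still be logged.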