Skip to content
Snippets Groups Projects
Commit 7a186b3f authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Suppress installd auditallow 

installd is expected to be handling unlabeled apps. Don't
emit an audit rule when it occurs.

Change-Id: Ia173914ff4d1b8368a18f326494eda8173d30192
parent 5ce079b9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 2 deletions
domain.te
+ 4
2
View file @ 7a186b3f
...@@ -150,9 +150,11 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms; ...@@ -150,9 +150,11 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
# #
allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom }; allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
allow domain unlabeled:dir { create_dir_perms relabelfrom }; allow domain unlabeled:dir { create_dir_perms relabelfrom };
auditallow { domain -init } unlabeled:notdevfile_class_set { create_file_perms relabelfrom }; auditallow { domain -init -installd } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
auditallow { domain -init -kernel } unlabeled:dir { create_dir_perms relabelfrom }; auditallow { domain -init -kernel -installd } unlabeled:dir { create_dir_perms relabelfrom };
auditallow kernel unlabeled:dir ~search; auditallow kernel unlabeled:dir ~search;
auditallow installd unlabeled:dir ~{ getattr search relabelfrom };
auditallow installd unlabeled:notdevfile_class_set ~{ getattr relabelfrom };
### ###
### neverallow rules ### neverallow rules
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment