From 94ee59bc4a3f769774294e87ac9a25dcbc042542 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 28 Oct 2015 08:57:40 -0700
Subject: [PATCH] audit mtp sync permission

Determine if the following rule can be removed:

allow kernel untrusted_app:fd use

Bug: 25331459
Change-Id: I4ef9f376d7fc1d2bdfba69b2fb3e24d49ac136ad
---
 kernel.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel.te b/kernel.te
index ffefdf335..31da2af27 100644
--- a/kernel.te
+++ b/kernel.te
@@ -43,6 +43,9 @@ allow kernel self:security setcheckreqprot;
 # MTP sync (b/15835289)
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
 allow kernel { priv_app untrusted_app }:fd use;
+# privileged apps have moved to the priv_app domain. Determine
+# if this permission is still needed. b/25331459
+auditallow kernel untrusted_app:fd use;
 allow kernel sdcard_type:file { read write };
 
 # Allow the kernel to read OBB files from app directories. (b/17428116)
-- 
GitLab