Skip to content
Snippets Groups Projects
Commit af7deffb authored by Nick Kralevich's avatar Nick Kralevich
Browse files

dontaudit su 

Denials generated from the su domain aren't meaningful security
warnings, and just serve to confuse people. Don't log them.

Change-Id: Id38314d4e7b45062c29bed63df4e50e05e4b131e
parent 0cefb701
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 23 additions and 0 deletions
su.te
+ 23
0
View file @ af7deffb
...@@ -26,4 +26,27 @@ userdebug_or_eng(` ...@@ -26,4 +26,27 @@ userdebug_or_eng(`
# Make su a net domain. # Make su a net domain.
net_domain(su) net_domain(su)
dontaudit su self:capability_class_set *;
dontaudit su kernel:security *;
dontaudit su kernel:system *;
dontaudit su self:memprotect *;
dontaudit su domain:process *;
dontaudit su domain:fd *;
dontaudit su domain:dir *;
dontaudit su domain:lnk_file *;
dontaudit su domain:{ fifo_file file } *;
dontaudit su domain:socket_class_set *;
dontaudit su domain:ipc_class_set *;
dontaudit su domain:key *;
dontaudit su fs_type:filesystem *;
dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
dontaudit su node_type:node *;
dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
dontaudit su netif_type:netif *;
dontaudit su port_type:socket_class_set *;
dontaudit su port_type:{ tcp_socket dccp_socket } *;
dontaudit su domain:peer *;
dontaudit su domain:binder *;
dontaudit su property_type:property_service *;
') ')
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment