Skip to content
Snippets Groups Projects
Commit b4c4424c authored by Nick Kralevich's avatar Nick Kralevich
Browse files

dontaudit clatd self:capability ipc_lock 

clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
capable(CAP_IPC_LOCK), and then checks to see the requested amount is
under RLIMIT_MEMLOCK. The latter check succeeds. As a result, clatd
does not need CAP_IPC_LOCK, so we suppress any denials we see
from clatd asking for this capability.
See https://android-review.googlesource.com/127940

Suppresses the following denial:
  type=1400 audit(1424916750.163:7): avc: denied { ipc_lock } for pid=3458 comm="clatd" capability=14 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability

Change-Id: Ica108f66010dfc6a5431efa0b4e58f6a784672d1
parent d99ea5a8
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment