Skip to content
Snippets Groups Projects
Commit eecc0ed4 authored by Tri Vo's avatar Tri Vo Committed by Gerrit Code Review
Browse files

Merge "netd: silence innocuous denials to /proc and /sys"

parents 4eb10d80 569e22e8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 9 additions and 0 deletions
public/netd.te
+ 9
0
View file @ eecc0ed4
...@@ -146,3 +146,12 @@ neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms; ...@@ -146,3 +146,12 @@ neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret, # We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy. # the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
neverallow { domain -netd -init } netd_stable_secret_prop:property_service set; neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
# If an already existing file is opened with O_CREATE, the kernel might generate
# a false report of a create denial. Silence these denials and make sure that
# inappropriate permissions are not granted.
neverallow netd proc_net:dir no_w_dir_perms;
dontaudit netd proc_net:dir write;
neverallow netd sysfs_net:dir no_w_dir_perms;
dontaudit netd sysfs_net:dir write;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment