Skip to content
Snippets Groups Projects
Commit f7ec4138 authored by Joel Galenson's avatar Joel Galenson
Browse files

Dontaudit denials caused by race with labeling. 

These denials seem to be caused by a race with the process that labels
the files.  While we work on fixing them, hide the denials.

Bug: 68864350
Bug: 70180742
Test: Built policy.
Change-Id: I58a32e38e6384ca55e865e9575dcfe7c46b2ed3c
parent 946b4b76
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/bootanim.te
+ 3
0
View file @ f7ec4138
typeattribute bootanim coredomain; typeattribute bootanim coredomain;
init_daemon_domain(bootanim) init_daemon_domain(bootanim)
# b/68864350
dontaudit bootanim unlabeled:dir search;
private/bug_map
+ 0
4
View file @ f7ec4138
bootanim unlabeled dir 68864350
crash_dump app_data_file dir 68319037 crash_dump app_data_file dir 68319037
crash_dump bluetooth_data_file dir 68319037 crash_dump bluetooth_data_file dir 68319037
crash_dump resourcecache_data_file dir 68319037 crash_dump resourcecache_data_file dir 68319037
crash_dump system_data_file file 68319037 crash_dump system_data_file file 68319037
crash_dump vendor_overlay_file dir 68319037 crash_dump vendor_overlay_file dir 68319037
hal_fingerprint_default system_data_file dir 73068008 hal_fingerprint_default system_data_file dir 73068008
hal_graphics_allocator_default unlabeled dir 70180742
hal_graphics_composer_default unlabeled dir 68864350
priv_app sysfs dir 72749888 priv_app sysfs dir 72749888
priv_app sysfs_android_usb file 72749888 priv_app sysfs_android_usb file 72749888
priv_app system_data_file dir 72811052 priv_app system_data_file dir 72811052
surfaceflinger unlabeled dir 68864350
system_server crash_dump process 73128755 system_server crash_dump process 73128755
system_server vendor_framework_file dir 68826235 system_server vendor_framework_file dir 68826235
untrusted_app_25 system_data_file dir 72550646 untrusted_app_25 system_data_file dir 72550646
......
private/surfaceflinger.te
+ 3
0
View file @ f7ec4138
...@@ -115,3 +115,6 @@ pdx_client(surfaceflinger, performance_client) ...@@ -115,3 +115,6 @@ pdx_client(surfaceflinger, performance_client)
# Do not allow accessing SDcard files as unsafe ejection could # Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process. # cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms; neverallow surfaceflinger sdcard_type:file rw_file_perms;
# b/68864350
dontaudit surfaceflinger unlabeled:dir search;
vendor/hal_graphics_allocator_default.te
+ 3
0
View file @ f7ec4138
...@@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_allocator_default, hal_graphics_allocator) ...@@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_allocator_default, hal_graphics_allocator)
type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type; type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_graphics_allocator_default) init_daemon_domain(hal_graphics_allocator_default)
# b/70180742
dontaudit hal_graphics_allocator_default unlabeled:dir search;
vendor/hal_graphics_composer_default.te
+ 3
0
View file @ f7ec4138
...@@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_composer_default, hal_graphics_composer) ...@@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_composer_default, hal_graphics_composer)
type hal_graphics_composer_default_exec, exec_type, vendor_file_type, file_type; type hal_graphics_composer_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_graphics_composer_default) init_daemon_domain(hal_graphics_composer_default)
# b/68864350
dontaudit hal_graphics_composer_default unlabeled:dir search;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment