Skip to content
Snippets Groups Projects
Commit fc283871 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

suppress logspam

avc: denied { search } for name="tmp" dev="sda13" ino=1867778
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:shell_data_file:s0 tclass=dir

avc: denied { getattr } for path="/mnt/expand" dev="tmpfs" ino=9850
scontext=u:r:webview_zygote:s0 tcontext=u:object_r:mnt_expand_file:s0
tclass=dir

Bug: 63631799
Test: build. Denial no longer appears in the logs
Change-Id: Ie8a297c73b0f0e9008a7bf24438ef5354bf893df
parent 1eff6417
No related branches found
No related tags found
No related merge requests found
......@@ -46,6 +46,10 @@ allow isolated_app webview_zygote:unix_dgram_socket write;
# Read system properties managed by webview_zygote.
allow isolated_app webview_zygote_tmpfs:file read;
# TODO (b/63631799) fix this access
# suppress denials to /data/local/tmp
dontaudit isolated_app shell_data_file:dir search;
#####
##### Neverallow
#####
......
......@@ -43,6 +43,10 @@ allow webview_zygote system_server:process getpgid;
# Interaction between the webview_zygote and its children.
allow webview_zygote isolated_app:process setpgid;
# TODO (b/63631799) fix this access
# Suppress denials to storage. Webview zygote should not be accessing.
dontaudit webview_zygote mnt_expand_file:dir getattr;
# Get seapp_contexts
allow webview_zygote seapp_contexts_file:file r_file_perms;
# Check validity of SELinux context before use.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment