diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2017-07-12 14:12:08 -0700 |
---|---|---|
committer | Jeffrey Vander Stoep <jeffv@google.com> | 2017-07-13 05:19:54 +0000 |
commit | 7fcf5a1a62c36b4b786811aaef8e0e1411db6275 (patch) | |
tree | 0696f2e0003832796e45c03a4b08f364a00bbc0e | |
parent | 2bcf425fd53c51d4045e0f75372c60b5dd3c9171 (diff) | |
download | wahoo-7fcf5a1a62c36b4b786811aaef8e0e1411db6275.tar.gz |
suppress denial logspam
These denials are not causing app bugs but the underlying code needs
to be fixed. In the meantime, remove them from the logs.
avc: denied { read } for name="/" dev="tmpfs" ino=19039
scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:device:s0
tclass=dir
avc: denied { read } for name="interrupts" dev="proc" ino=4026532104
scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:proc_interrupts:s0 tclass=file
avc: denied { read } for name="modules" dev="proc" ino=4026532153
scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:proc_modules:s0 tclass=filea
avc: denied { search } for name="zram0" dev="sysfs" ino=37069
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:object_r:sysfs_zram:s0 tclass=dir
Bug: 63631799
Test: Build and flash, verify denials are gone.
Change-Id: I6ddc91aa792b771e2c4190b211588347cc4119ea
-rw-r--r-- | sepolicy/private/priv_app.te | 3 | ||||
-rw-r--r-- | sepolicy/private/untrusted_app_all.te | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te new file mode 100644 index 00000000..43f9fd43 --- /dev/null +++ b/sepolicy/private/priv_app.te @@ -0,0 +1,3 @@ +dontaudit priv_app device:dir read; +dontaudit priv_app proc_interrupts:file read; +dontaudit priv_app proc_modules:file read; diff --git a/sepolicy/private/untrusted_app_all.te b/sepolicy/private/untrusted_app_all.te new file mode 100644 index 00000000..99bb3001 --- /dev/null +++ b/sepolicy/private/untrusted_app_all.te @@ -0,0 +1,2 @@ +# suppress spurious denials +dontaudit untrusted_app_all sysfs_zram:dir search; |