author | Jeff Vander Stoep <jeffv@google.com> | 2015-07-29 12:59:08 -0700 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2015-07-29 14:27:55 -0700 |
commit | a38a399afd0c7d2cefce426b35bb4655aee62633 (patch) | |
tree | 8aecac11df60358ea7271dda7a4e36dde6134a71 /sepolicy | |
parent | 447f98b80ae1df0d5176c809f0a42d0699e87795 (diff) | |
download | bullhead-a38a399afd0c7d2cefce426b35bb4655aee62633.tar.gz |
selinux: ignore denial from vold opening /proc/irq

In commit 66270a21df1058434e4d63691221f11ff5387a0f
vold goes through each dir in /proc/ and opens for reading to gather
information about each running process. /proc/irq is not a process and vold
does not need access. Ignore the denial.

Bug: 21591724
Change-Id: I32847a87bbea3ddb373d8bedaf2743a5ce2e98ff
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/vold.te | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sepolicy/vold.te b/sepolicy/vold.te index 66bca28..e98a36c 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -1 +1,6 @@ -permissive vold; +# vold goes through /proc and opens each dir as O_RDONLY +# to gather information about all PIDS. +# It does not need access to /proc/irq which is labeled as +# proc_irq on bullhead +# See system/vold commit 66270a21df1058434e4d63691221f11ff5387a0f +dontaudit vold proc_irq:dir { read open }; |
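Review bot: the first line of the hunk deletes `permissive vold;`, which takes the vold domain out of permissive mode, but the commit subject and message only mention ignoring the /proc/irq denial. Either state the removal of the permissive declaration in the commit message or split it into its own change, so it can be reviewed and reverted independently of the dontaudit rule. The added `dontaudit vold proc_irq:dir { read open };` is limited to the two permissions the comment describes (an O_RDONLY open of the directory), which is the right scope; keep in mind that it also silences any later unexpected read or open of proc_irq directories by vold, so the comment's pointer to system/vold commit 66270a21df1058434e4d63691221f11ff5387a0f should stay next to the rule as its justification.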