diff options
| author | Pavel Maltsev <pavelm@google.com> | 2018-05-21 14:54:26 -0700 |
|---|---|---|
| committer | Pavel Maltsev <pavelm@google.com> | 2018-05-21 14:54:26 -0700 |
| commit | 3dc83daa8964c650f0d7e7a29e94404b1d8beff2 (patch) | |
| tree | d5667cbf2101fbeef15fc8eaadb9ddc3d79e35f6 /car_product/sepolicy | |
| parent | 40f1dede85595b9b5497c5916adf34fbcbbd1d74 (diff) | |
| download | Car-3dc83daa8964c650f0d7e7a29e94404b1d8beff2.tar.gz | |
Fix avc errors for procfs-inspector
This process just reads from /proc to get list PIDs. It doesn't
actually reqiurs these priviliges, so adding it to dontaudit
Bug: 79321084
Test: bat_land ; verified no deinals for procfsinspector and it still
returns a list of pid
Change-Id: I2d7f4c5c869897436178b898ee5332e1be66cfcf
Diffstat (limited to 'car_product/sepolicy')
| -rw-r--r-- | car_product/sepolicy/private/procfsinspector.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/car_product/sepolicy/private/procfsinspector.te b/car_product/sepolicy/private/procfsinspector.te index 8e1a53342e..9bee7070e0 100644 --- a/car_product/sepolicy/private/procfsinspector.te +++ b/car_product/sepolicy/private/procfsinspector.te @@ -7,3 +7,6 @@ add_service(procfsinspector, procfsinspector_service) binder_use(procfsinspector) allow carservice_app procfsinspector:binder call; + +dontaudit procfsinspector domain:dir getattr; + |