Commits

Robert Craig committed 9a95063

dontaudit domain access to chr_file.

Most processes want to read/write to rootfs on a
chr_file. Probably means, init or some other ancestor of
these processes has failed to close its descriptor and
thus every descendant inherits it by default.

Change-Id: Id946fee94ea375abba71f6e073746dc3283da23d

Comments (0)

Files changed (2)

 	file_contexts \
 	app.te \
 	device.te \
+	domain.te \
 	mediaserver.te \
 	surfaceflinger.te

sepolicy/domain.te

+dontaudit domain rootfs:chr_file { read write };