diff options
author | Vishal Mahaveer | 2015-10-14 12:17:46 -0500 |
---|---|---|
committer | Vishal Mahaveer | 2015-10-14 12:28:40 -0500 |
commit | cd059a21607e5631ba18332409c867e94f446b4d (patch) | |
tree | 3348a5e0618502302099adbbd1d0cb759674ce33 /sepolicy | |
parent | 192ca8061b38eb486332728ad080319fd50bfd3e (diff) | |
download | device-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.tar.gz device-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.tar.xz device-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.zip |
jacinto6evm: TEMP: don't audit module_request
For time being don't audit module_request denials.
There are lot of module_request denials logged currently with all 32-bit
binaries in M. Android introduced this domain in bionic and our kernel
does not have a separate 32 bit exec domain defined. This generates lot of
unnecessary module request for "personality-8".
Ex:
[ 6.332380] type=1400 audit(946685140.029:22): avc: denied { module_request }
for pid=2025 comm="drmserver" kmod="personality-8" scontext=u:r:drmserver:s0
tcontext=u:r:kernel:s0 tclass=system permissive=1
Making module_requests dontaudit for time being till we figure out how to
handle this. In kernel version 4.0 and later the exec domain support is
completely removed anyways.
Change-Id: Ia50df94edb7609f29f4d866d49ce58d8a593df1f
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/domain.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te new file mode 100644 index 0000000..6efb15e --- /dev/null +++ b/sepolicy/domain.te | |||
@@ -0,0 +1,2 @@ | |||
1 | #TEMP | ||
2 | dontaudit domain kernel:system module_request; | ||