summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVishal Mahaveer2015-10-14 12:17:46 -0500
committerVishal Mahaveer2015-10-14 12:28:40 -0500
commitcd059a21607e5631ba18332409c867e94f446b4d (patch)
tree3348a5e0618502302099adbbd1d0cb759674ce33 /sepolicy
parent192ca8061b38eb486332728ad080319fd50bfd3e (diff)
downloaddevice-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.tar.gz
device-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.tar.xz
device-ti-jacinto6evm-cd059a21607e5631ba18332409c867e94f446b4d.zip
jacinto6evm: TEMP: don't audit module_request
For time being don't audit module_request denials. There are lot of module_request denials logged currently with all 32-bit binaries in M. Android introduced this domain in bionic and our kernel does not have a separate 32 bit exec domain defined. This generates lot of unnecessary module request for "personality-8". Ex: [ 6.332380] type=1400 audit(946685140.029:22): avc: denied { module_request } for pid=2025 comm="drmserver" kmod="personality-8" scontext=u:r:drmserver:s0 tcontext=u:r:kernel:s0 tclass=system permissive=1 Making module_requests dontaudit for time being till we figure out how to handle this. In kernel version 4.0 and later the exec domain support is completely removed anyways. Change-Id: Ia50df94edb7609f29f4d866d49ce58d8a593df1f Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/domain.te2
1 files changed, 2 insertions, 0 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644
index 0000000..6efb15e
--- /dev/null
+++ b/sepolicy/domain.te
@@ -0,0 +1,2 @@
1#TEMP
2dontaudit domain kernel:system module_request;