author | Vishal Mahaveer <vishalm@ti.com> | |
Wed, 14 Oct 2015 17:17:46 +0000 (12:17 -0500) | ||
committer | Vishal Mahaveer <vishalm@ti.com> | |
Wed, 14 Oct 2015 17:28:40 +0000 (12:28 -0500) | ||
commit | cd059a21607e5631ba18332409c867e94f446b4d | |
tree | 3348a5e0618502302099adbbd1d0cb759674ce33 | tree | snapshot (tar.xz tar.gz zip) |
parent | 192ca8061b38eb486332728ad080319fd50bfd3e | commit | diff |
jacinto6evm: TEMP: don't audit module_request
For time being don't audit module_request denials.
There are lot of module_request denials logged currently with all 32-bit
binaries in M. Android introduced this domain in bionic and our kernel
does not have a separate 32 bit exec domain defined. This generates lot of
unnecessary module request for "personality-8".
Ex:
[ 6.332380] type=1400 audit(946685140.029:22): avc: denied { module_request }
for pid=2025 comm="drmserver" kmod="personality-8" scontext=u:r:drmserver:s0
tcontext=u:r:kernel:s0 tclass=system permissive=1
Making module_requests dontaudit for time being till we figure out how to
handle this. In kernel version 4.0 and later the exec domain support is
completely removed anyways.
Change-Id: Ia50df94edb7609f29f4d866d49ce58d8a593df1f
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
For time being don't audit module_request denials.
There are lot of module_request denials logged currently with all 32-bit
binaries in M. Android introduced this domain in bionic and our kernel
does not have a separate 32 bit exec domain defined. This generates lot of
unnecessary module request for "personality-8".
Ex:
[ 6.332380] type=1400 audit(946685140.029:22): avc: denied { module_request }
for pid=2025 comm="drmserver" kmod="personality-8" scontext=u:r:drmserver:s0
tcontext=u:r:kernel:s0 tclass=system permissive=1
Making module_requests dontaudit for time being till we figure out how to
handle this. In kernel version 4.0 and later the exec domain support is
completely removed anyways.
Change-Id: Ia50df94edb7609f29f4d866d49ce58d8a593df1f
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
sepolicy/domain.te | [new file with mode: 0644] | blob |