Don't audit storageproxyd unlabeled access
Test: m sepolicy Bug: 197502330 Change-Id: I794dac85e475434aaf024027c43c98dde60bee27
This commit is contained in:
Tri Vo
parent
05565c1f14
commit
03fef48542
1 changed files with 4 additions and 0 deletions
4
whitechapel/vendor/google/storageproxyd.te
vendored
4
whitechapel/vendor/google/storageproxyd.te
vendored
|
|
@ -15,3 +15,7 @@ allow tee self:capability { setgid setuid };
|
|||
|
||||
# Allow storageproxyd access to gsi_public_metadata_file
|
||||
read_fstab(tee)
|
||||
|
||||
# storageproxyd starts before /data is mounted. It handles /data not being there
|
||||
# gracefully. However, attempts to access /data trigger a denial.
|
||||
dontaudit tee unlabeled:dir { search };
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue