Merge "Don't audit storageproxyd unlabeled access" am: fbf92e2ada am: 22f2ffcbee am: a5ccc7efa8 am: 56b17a34c8
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2007441 Change-Id: Ifbf1caca3b35aa80897b7555000ed8a5b82a1a2e
This commit is contained in:
Tri Vo
Automerger Merge Worker
commit
adfd900367
1 changed files with 4 additions and 0 deletions
4
whitechapel/vendor/google/storageproxyd.te
vendored
4
whitechapel/vendor/google/storageproxyd.te
vendored
|
|
@ -15,3 +15,7 @@ allow tee self:capability { setgid setuid };
|
|||
|
||||
# Allow storageproxyd access to gsi_public_metadata_file
|
||||
read_fstab(tee)
|
||||
|
||||
# storageproxyd starts before /data is mounted. It handles /data not being there
|
||||
# gracefully. However, attempts to access /data trigger a denial.
|
||||
dontaudit tee unlabeled:dir { search };
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue