crash_dump: dontaudit devices passed by exec() avc: denied { read } for comm="crash_dump64" name="v4l-touch22" dev="tmpfs" ino=18821 scontext=u:r:crash_dump:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file Test: build Change-Id: Iac66b77ad255c950b21fd267c88fdbc382be2877

commit: 1795d0bcfd0f98369167f9a77972b3f8ebf1f34d [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Mar 13 20:50:25 2019 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Wed Mar 13 20:50:25 2019 -0700
tree: 130c5bba84a29f380578735d35da3349e4f3ce3f
parent: 96cc32b0eb51cd2f6efa50927a15ecca117a2247 [diff]
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 4c0aa18..adc46a1 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te

@@ -1,7 +1,7 @@
 typeattribute crash_dump coredomain;
 
-# Crash dump does not need to access the GPU.
-dontaudit crash_dump gpu_device:chr_file *;
+# Crash dump does not need to access devices passed across exec().
+dontaudit crash_dump dev_type:chr_file { read write };
 
 allow crash_dump {
   domain
commit	1795d0bcfd0f98369167f9a77972b3f8ebf1f34d	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Mar 13 20:50:25 2019 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Wed Mar 13 20:50:25 2019 -0700
tree	130c5bba84a29f380578735d35da3349e4f3ce3f
parent	96cc32b0eb51cd2f6efa50927a15ecca117a2247 [diff]