Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9e7a5b0a7cd5a17b44d9682c5a16ae2119ad2c94
commit9e7a5b0a7cd5a17b44d9682c5a16ae2119ad2c94[log] [tgz]
authorMax Bires <jbires@google.com>Mon Jan 09 14:57:03 2017 -0800
committerNick Kralevich <nnk@google.com>Fri Jan 13 17:38:39 2017 +0000
treed3c748189add845f860f690cd5f7636c7c7b8894
parent926dc3317dbf3f27a1da1f61cb547cddf9b3e369 [diff]
Auditing init and ueventd access to chr device files.

It seems likely that there is no reason to keep around a number of
devices that are configured to be included into the pixel kernels. Init
and ueventd should be the only processes with r/w access to these
devices, so auditallow rules have been added to ensure that they aren't
actually used.

/dev/keychord was given its own type since it's one of the few character
devices that's actually legitimately used and would cause log spam in
the auditallow otherwise.

Bug: 33347297
Test: The phone boots without any apparent log spam.

Change-Id: I3dd9557df8a9218b8c802e33ff549d15849216fb
4 files changed
tree: d3c748189add845f860f690cd5f7636c7c7b8894
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. Android.mk
  6. CleanSpec.mk
  7. MODULE_LICENSE_PUBLIC_DOMAIN
  8. NOTICE
  9. PREUPLOAD.cfg
  10. README