Auditing init and ueventd access to chr device files. It seems likely that there is no reason to keep around a number of devices that are configured to be included into the pixel kernels. Init and ueventd should be the only processes with r/w access to these devices, so auditallow rules have been added to ensure that they aren't actually used. /dev/keychord was given its own type since it's one of the few character devices that's actually legitimately used and would cause log spam in the auditallow otherwise. Bug: 33347297 Test: The phone boots without any apparent log spam. Change-Id: I3dd9557df8a9218b8c802e33ff549d15849216fb

commit: 9e7a5b0a7cd5a17b44d9682c5a16ae2119ad2c94 [log] [tgz]
author: Max Bires <jbires@google.com> Mon Jan 09 14:57:03 2017 -0800
committer: Nick Kralevich <nnk@google.com> Fri Jan 13 17:38:39 2017 +0000
tree: d3c748189add845f860f690cd5f7636c7c7b8894
parent: 926dc3317dbf3f27a1da1f61cb547cddf9b3e369 [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 4d2464a..4d35a17 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -83,6 +83,7 @@
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
+/dev/keychord   u:object_r:keychord_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
commit	9e7a5b0a7cd5a17b44d9682c5a16ae2119ad2c94	[log] [tgz]
author	Max Bires <jbires@google.com>	Mon Jan 09 14:57:03 2017 -0800
committer	Nick Kralevich <nnk@google.com>	Fri Jan 13 17:38:39 2017 +0000
tree	d3c748189add845f860f690cd5f7636c7c7b8894
parent	926dc3317dbf3f27a1da1f61cb547cddf9b3e369 [diff] [blame]