Permit writing to /dev/random and /dev/urandom. Apps attempting to write to /dev/random or /dev/urandom currently succeed, but a policy violation is logged. These two Linux RNG devices are meant to be written to by arbitrary apps. Thus, there's no reason to deny this capability. Bug: 10679705 Change-Id: Ife401f1dd2182889471eef7e90fcc92e96f9c4d6

commit: a2477056ae6a702e7e71b671cd0c47afc1c7da8a [log] [tgz]
author: Alex Klyubin <klyubin@google.com> Tue Sep 10 11:13:15 2013 -0700
committer: Alex Klyubin <klyubin@google.com> Tue Sep 10 12:01:15 2013 -0700
tree: 372ab057e9f7a414d417d5b85fa9aa2e6e5d78e9
parent: 34a8e121124c79e8daa60aebb065377280335bcc [diff]
diff --git a/domain.te b/domain.te
index f4fd6ae..7c9e7a6 100644
--- a/domain.te
+++ b/domain.te

@@ -61,8 +61,8 @@
 allow domain log_device:chr_file rw_file_perms;
 allow domain nv_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
-allow domain urandom_device:chr_file r_file_perms;
-allow domain random_device:chr_file r_file_perms;
+allow domain urandom_device:chr_file rw_file_perms;
+allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:file r_file_perms;
 
 # Filesystem accesses.
commit	a2477056ae6a702e7e71b671cd0c47afc1c7da8a	[log] [tgz]
author	Alex Klyubin <klyubin@google.com>	Tue Sep 10 11:13:15 2013 -0700
committer	Alex Klyubin <klyubin@google.com>	Tue Sep 10 12:01:15 2013 -0700
tree	372ab057e9f7a414d417d5b85fa9aa2e6e5d78e9
parent	34a8e121124c79e8daa60aebb065377280335bcc [diff]