dontaudit su unlabeled:vsock_socket * Fix for: type=1400 audit(): avc: denied { getopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { setopt } for comm=73657276657220736F636B6574 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { read } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket type=1400 audit(): avc: denied { write } for comm="adbd" scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=vsock_socket Test: now less audit warnings! Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I3bd1b2262dc6dcb099403d24611db66aac9aecb0

commit: ae68bf23b661232776204bd86fba95bfb986635f [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Sat May 04 01:13:38 2019 -0700
committer: Maciej Żenczykowski <maze@google.com> Mon May 06 14:36:39 2019 -0700
tree: 09f1ee052152b51a7d4bbacc744217bba36d06f0
parent: 6450e0038bb5d0b900035a729e84a9ff1a5b0bb3 [diff]
diff --git a/public/su.te b/public/su.te
index 346b1fe..a2f435e 100644
--- a/public/su.te
+++ b/public/su.te

@@ -51,6 +51,7 @@
   dontaudit su unlabeled:filesystem *;
   dontaudit su postinstall_file:filesystem *;
   dontaudit su domain:bpf *;
+  dontaudit su unlabeled:vsock_socket *;
 
   # VTS tests run in the permissive su domain on debug builds, but the HALs
   # being tested run in enforcing mode. Because hal_foo_server is enforcing
commit	ae68bf23b661232776204bd86fba95bfb986635f	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Sat May 04 01:13:38 2019 -0700
committer	Maciej Żenczykowski <maze@google.com>	Mon May 06 14:36:39 2019 -0700
tree	09f1ee052152b51a7d4bbacc744217bba36d06f0
parent	6450e0038bb5d0b900035a729e84a9ff1a5b0bb3 [diff]