commit | 40d4b0b6cce6697b28bc4736b47069b5e1ebd4e2 | [log] [tgz] |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Thu Nov 15 18:51:58 2018 -0800 |
committer | Nick Kralevich <nnk@google.com> | Thu Nov 15 19:01:19 2018 -0800 |
tree | 2320e29d020914d186278493073e783961087bb4 | |
parent | 96b62a60c2ccae777fdcabe7d2ed28b52056860b [diff] |
Delete get_prop(su, ...) rules It is unnecessary to use get_prop() rules for the su domain. The su domain is always in permissive mode [1] and not subject to SELinux enforcement. It's also possible these rules were added to avoid SELinux denial log spam from showing up, however, there are already dontaudit rules in place [2] to prevent this. Delete the unnecessary rules. [1] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/private/su.te#19 [2] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/public/su.te#42 Test: policy compiles Change-Id: I5913f360738725bf915f0606d381029b9ba4318f