Remove selinux denial Don't audit directory writes to sysfs since they cannot succees and therefore cannot be a security issue Bug: 35303861 Test: Make sure denial is no longer shown Change-Id: I1f31d35aa01e28e3eb7371b1a75fc4090ea40464

commit: e9cb76381cd0b6097c2aa9c1bbdc3e06bf6ca558 [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Mon Feb 13 08:48:51 2017 -0800
committer: Paul Lawrence <paullawrence@google.com> Mon Feb 13 08:51:33 2017 -0800
tree: 611c26a99d366f650dc946c062d5e60165a51179
parent: 6ebcfe478d772e4533b9b6eab2e06ebf94ab16b7 [diff] [blame]
diff --git a/private/init.te b/private/init.te
index d495d54..8a6dcea 100644
--- a/private/init.te
+++ b/private/init.te

@@ -17,3 +17,8 @@
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)
 ')
+
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit init sysfs:dir write;
commit	e9cb76381cd0b6097c2aa9c1bbdc3e06bf6ca558	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Mon Feb 13 08:48:51 2017 -0800
committer	Paul Lawrence <paullawrence@google.com>	Mon Feb 13 08:51:33 2017 -0800
tree	611c26a99d366f650dc946c062d5e60165a51179
parent	6ebcfe478d772e4533b9b6eab2e06ebf94ab16b7 [diff] [blame]