selinux: Add rules for the audit daemon

Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
This commit is contained in:
Ricardo Cerqueira 2014-11-09 17:20:54 +00:00
parent f2458128d0
commit 15df17f9ac
4 changed files with 10 additions and 0 deletions

3
sepolicy/auditd.te Normal file
View File

@ -0,0 +1,3 @@
allow logd auditd_log:dir rw_dir_perms;
allow logd auditd_log:file create_file_perms;

View File

@ -1,2 +1,4 @@
# Support asec containers getting mounted
allow file_type rootfs:filesystem associate;
type auditd_log, file_type;

View File

@ -1,5 +1,9 @@
/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
# Auditd is a logging daemon. Put it into logd's context
/system/bin/auditd u:object_r:logd_exec:s0
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
#############################
# performance-related sysfs files (CM)
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0

View File

@ -11,6 +11,7 @@ BOARD_SEPOLICY_UNION += \
file_contexts \
genfs_contexts \
seapp_contexts \
auditd.te \
installd.te \
netd.te \
system.te \