selinux: Add rules for the audit daemon
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
This commit is contained in:
parent
f2458128d0
commit
15df17f9ac
3
sepolicy/auditd.te
Normal file
3
sepolicy/auditd.te
Normal file
@ -0,0 +1,3 @@
|
||||
allow logd auditd_log:dir rw_dir_perms;
|
||||
allow logd auditd_log:file create_file_perms;
|
||||
|
@ -1,2 +1,4 @@
|
||||
# Support asec containers getting mounted
|
||||
allow file_type rootfs:filesystem associate;
|
||||
|
||||
type auditd_log, file_type;
|
||||
|
@ -1,5 +1,9 @@
|
||||
/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||
|
||||
# Auditd is a logging daemon. Put it into logd's context
|
||||
/system/bin/auditd u:object_r:logd_exec:s0
|
||||
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
|
||||
|
||||
#############################
|
||||
# performance-related sysfs files (CM)
|
||||
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
|
||||
|
@ -11,6 +11,7 @@ BOARD_SEPOLICY_UNION += \
|
||||
file_contexts \
|
||||
genfs_contexts \
|
||||
seapp_contexts \
|
||||
auditd.te \
|
||||
installd.te \
|
||||
netd.te \
|
||||
system.te \
|
||||
|
Loading…
Reference in New Issue
Block a user