selinux: Add rules for the audit daemon
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
This commit is contained in:
Ricardo Cerqueira
parent
f2458128d0
commit
15df17f9ac
3
sepolicy/auditd.te
Normal file
3
sepolicy/auditd.te
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
allow logd auditd_log:dir rw_dir_perms;
|
||||||
|
allow logd auditd_log:file create_file_perms;
|
||||||
|
|
||||||
@ -1,2 +1,4 @@
|
|||||||
# Support asec containers getting mounted
|
# Support asec containers getting mounted
|
||||||
allow file_type rootfs:filesystem associate;
|
allow file_type rootfs:filesystem associate;
|
||||||
|
|
||||||
|
type auditd_log, file_type;
|
||||||
|
|||||||
@ -1,5 +1,9 @@
|
|||||||
/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
|
||||||
|
|
||||||
|
# Auditd is a logging daemon. Put it into logd's context
|
||||||
|
/system/bin/auditd u:object_r:logd_exec:s0
|
||||||
|
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# performance-related sysfs files (CM)
|
# performance-related sysfs files (CM)
|
||||||
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
|
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
|
||||||
|
|||||||
@ -11,6 +11,7 @@ BOARD_SEPOLICY_UNION += \
|
|||||||
file_contexts \
|
file_contexts \
|
||||||
genfs_contexts \
|
genfs_contexts \
|
||||||
seapp_contexts \
|
seapp_contexts \
|
||||||
|
auditd.te \
|
||||||
installd.te \
|
installd.te \
|
||||||
netd.te \
|
netd.te \
|
||||||
system.te \
|
system.te \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user