14aa292b1a
* allowing any extra permission for "untrustred_app" domain is DANGER * the "untrustred_app" domain rule should ONLY be defined by aosp * kill all don't audit except getopt for untrusted_app. it's a tool to show which app are evil, let it show in audit logs Signed-off-by: pix106 <sbordenave@gmail.com>
37 lines
1.8 KiB
Text
37 lines
1.8 KiB
Text
dontaudit adbd self:capability sys_admin;
|
|
dontaudit blkid self:capability sys_admin;
|
|
dontaudit blkid_untrusted self:capability sys_admin;
|
|
dontaudit crash_dump self:capability sys_admin;
|
|
dontaudit extra_free_kbytes self:capability sys_admin;
|
|
dontaudit fsck self:capability sys_admin;
|
|
dontaudit hal_usb_default self:capability sys_admin;
|
|
dontaudit hal_usb_qti self:capability sys_admin;
|
|
dontaudit hal_wifi_supplicant_default self:capability sys_admin;
|
|
dontaudit installd self:capability kill;
|
|
dontaudit irsc_util self:capability sys_admin;
|
|
dontaudit lmkd self:capability sys_admin;
|
|
dontaudit netutils_wrapper self:capability sys_admin;
|
|
dontaudit rfs_access self:capability sys_admin;
|
|
dontaudit rmt_storage self:capability sys_admin;
|
|
dontaudit thermal-engine self:capability sys_admin;
|
|
dontaudit toolbox self:capability { kill sys_admin };
|
|
dontaudit ueventd self:capability sys_admin;
|
|
dontaudit usbd self:capability sys_admin;
|
|
dontaudit vdc self:capability { kill sys_admin };
|
|
dontaudit vendor_dpmd self:capability sys_admin;
|
|
dontaudit vendor_init-qti-dcvs-sh self:capability sys_admin;
|
|
dontaudit vendor_modprobe self:capability sys_admin;
|
|
dontaudit vendor_msm_irqbalanced self:capability sys_admin;
|
|
dontaudit vendor_pd_mapper self:capability sys_admin;
|
|
dontaudit vendor_toolbox self:capability sys_admin;
|
|
dontaudit vold_prepare_subdirs self:capability sys_admin;
|
|
|
|
dontaudit untrusted_app zygote:unix_stream_socket getopt;
|
|
dontaudit untrusted_app_25 zygote:unix_stream_socket getopt;
|
|
dontaudit untrusted_app_27 zygote:unix_stream_socket getopt;
|
|
dontaudit untrusted_app_29 zygote:unix_stream_socket getopt;
|
|
dontaudit untrusted_app_30 zygote:unix_stream_socket getopt;
|
|
|
|
# Neverallow: no domain should be allowed to ptrace init
|
|
# at system/sepolicy/public/init.te
|
|
dontaudit crash_dump init:process ptrace;
|