diff options
Diffstat (limited to 'prebuilts/api/32.0/private/auditctl.te')
| -rw-r--r-- | prebuilts/api/32.0/private/auditctl.te | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/prebuilts/api/32.0/private/auditctl.te b/prebuilts/api/32.0/private/auditctl.te new file mode 100644 index 000000000..f634d3d1d --- /dev/null +++ b/prebuilts/api/32.0/private/auditctl.te @@ -0,0 +1,18 @@ +# +# /system/bin/auditctl executed for logd +# +# Performs maintenance of the kernel auditing system, including +# setting rate limits on SELinux denials. +# + +type auditctl, domain, coredomain; +type auditctl_exec, file_type, system_file_type, exec_type; + +# Uncomment the line below to put this domain into permissive +# mode. This helps speed SELinux policy development. +# userdebug_or_eng(`permissive auditctl;') + +init_daemon_domain(auditctl) + +allow auditctl self:global_capability_class_set audit_control; +allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write }; |