From 624a8d9f86bdfc26ad8023f8c077e7430a47f05e Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Sat, 16 Aug 2025 12:42:19 +0800 Subject: [PATCH] kernel: selinux: dontaudit untrusted_app su dir { getattr } * Following the advice that was given by member in rksu group, by replacing ALL to untrusted_app. $ /system/bin/stat /proc/1 Result: 08-15 14:57:54.370 20062 20062 W stat : type=1400 audit(0.0:9564): avc: denied { getattr } for path="/proc/1" dev="proc" ino=12308 scontext=u:r:untrusted_app_27:s0:c27,c258,c512,c768 tcontext=u:r:init:s0 tclass=dir permissive=0 app=com.termux (issue 438bd5f#commitcomment-163785768) Test: Checker pass. * Any issue? Let me know. Tested-by: rsuntk Co-authored-by: rsuntk
---
 kernel/selinux/rules.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index 94599792..c60159c0 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -128,7 +128,7 @@ void apply_kernelsu_rules()
 ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
 // https://android-review.googlesource.com/c/platform/system/logging/+/3725346
- ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");
+ ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr");
 mutex_unlock(&ksu_rules);
 }
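Review bot: The source type `"untrusted_app"` on the added `ksu_dontaudit` line does not match the denial quoted in the commit message, whose scontext is `untrusted_app_27`. In Android policy the versioned app domains are separate types, so a rule keyed on that single type name would presumably leave the quoted case audited. How `ksu_dontaudit` resolves its source argument is not visible in this hunk; if it expands attributes, `ksu_dontaudit(db, "untrusted_app_all", KERNEL_SU_DOMAIN, "dir", "getattr");` would express the stated intent, otherwise each versioned type needs its own line. Because dontaudit removes audit records rather than changing the access decision, narrowing from `ALL` keeps other domains' denials visible in logs, and the comment above the rule should state that scope instead of carrying only a URL, e.g. `// dontaudit only: silences the avc record for app getattr on su-domain dirs, grants nothing`. `apply_kernelsu_rules()` starts outside the hunk.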