kernel: selinux: dontaudit untrusted_app su dir { getattr }

* Following the advice that was given by a member in the rksu group, by replacing ALL with untrusted_app.

$ /system/bin/stat /proc/1
Result:
08-15 14:57:54.370 20062 20062 W stat    : type=1400 audit(0.0:9564): avc:  denied  { getattr } for  path="/proc/1" dev="proc" ino=12308 scontext=u:r:untrusted_app_27:s0:c27,c258,c512,c768 tcontext=u:r:init:s0 tclass=dir permissive=0 app=com.termux
(issue 438bd5f#commitcomment-163785768)

Test: Checker pass.

* Any issue? Let me know.

Tested-by: rsuntk <rsuntk@yukiprjkt.my.id>
Co-authored-by: rsuntk <rsuntk@yukiprjkt.my.id>
ShirkNeko
2025-08-16 12:42:19 +08:00
parent 16007f5892
commit 624a8d9f86

@@ -128,7 +128,7 @@ void apply_kernelsu_rules()
ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
// https://android-review.googlesource.com/c/platform/system/logging/+/3725346
ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");
ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr");
mutex_unlock(&ksu_rules);
}
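
Review bot: the ksu_dontaudit line that names "untrusted_app" as the source may not match the domain seen in the commit message's own log, where the scontext is u:r:untrusted_app_27:s0; whether ksu_dontaudit resolves "untrusted_app" as a single type or as an attribute covering the versioned app domains is not visible in this hunk, so please confirm it. The quoted denial also has tcontext=u:r:init:s0 for /proc/1, not KERNEL_SU_DOMAIN, so that test does not exercise this rule either way; a test that runs stat from the app against the /proc directory of a process in KERNEL_SU_DOMAIN and checks that no avc line is logged would. If the narrower scope is intended, consider the untrusted_app_all attribute (assuming the helper accepts attributes), and extend the comment above the call to say that the other source domains previously covered by ALL will be audited again for dir getattr on KERNEL_SU_DOMAIN.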