From 6a79ca32ac6af2e63206e8b31aed35afbdf1d2e1 Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Sat, 16 Aug 2025 12:42:19 +0800 Subject: [PATCH] kernel: selinux: dontaudit untrusted_app su dir { getattr } * Following the advice that was given by member in rksu group, by replacing ALL to untrusted_app. $ /system/bin/stat /proc/1 Result: 08-15 14:57:54.370 20062 20062 W stat : type=1400 audit(0.0:9564): avc: denied { getattr } for path="/proc/1" dev="proc" ino=12308 scontext=u:r:untrusted_app_27:s0:c27,c258,c512,c768 tcontext=u:r:init:s0 tclass=dir permissive=0 app=com.termux (issue 438bd5f#commitcomment-163785768) Test: Checker pass. * Any issue? Let me know. Tested-by: rsuntk Co-authored-by: rsuntk --- kernel/selinux/rules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index c1dadf55..3d579f8d 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -141,7 +141,7 @@ void ksu_apply_kernelsu_rules() ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill"); // https://android-review.googlesource.com/c/platform/system/logging/+/3725346 - ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr"); + ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr"); #ifdef CONFIG_KSU_SUSFS // Allow umount in zygote process without installing zygisk
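Review bot: On the added `ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr");` line, the source is the single name "untrusted_app", but the denial quoted in the commit message has scontext type `untrusted_app_27`, so this hunk does not show that the rule covers the versioned app domain the test was run from. Please confirm how ksu_dontaudit resolves its source argument (exact type only, or related types as well), and if it is exact, add the versioned domains that need the rule. The quoted denial also has tcontext `u:r:init:s0` rather than KERNEL_SU_DOMAIN, so it does not by itself demonstrate this rule's effect; a before and after log for a getattr on a KERNEL_SU_DOMAIN process directory would make the test evidence match the change. The comment above the rule still only links the AOSP logging change, so a short line there explaining why the source was narrowed from ALL would help the next reader.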