Move rmt into its own domain.

Don't run rmt in init's domain. /system/bin/rmt_storage
is a Qualcomm-specific daemon responsible for servicing modem
filesystem requests. It doesn't make sense to run rmt_storage
in init's domain, as doing so prevents us from fine-tuning
its policy.

Keep the domain in permissive mode right now until we address
the following denials:

<5>[    4.745809] type=1400 audit(1394980.310:5): avc:  denied  { read write } for  pid=181 comm="rmt_storage" name="mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
<5>[    4.746108] type=1400 audit(1394980.310:6): avc:  denied  { open } for  pid=181 comm="rmt_storage" name="mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
<5>[    6.621710] type=1400 audit(1394981.710:14): avc:  denied  { read write } for  pid=181 comm="rmt_storage" path="/dev/mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file

We still need to get a better understanding of what rmt_storage
does and what rules should be applied to it.

Change-Id: I60df78bd453e11fe0527e68796468764085139e4
3 files changed
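
An added example, not part of this commit or of the project's tree: a small Python parser that collapses the three denials quoted in the commit message into the source type, target type, class and permission set a policy reviewer has to decide on. The names `summarize`, `as_rules` and `sel_type` are hypothetical; the log lines are copied from the message above.

```python
import re
from collections import defaultdict

# The three AVC denials quoted in the commit message above.
DENIALS = """\
<5>[    4.745809] type=1400 audit(1394980.310:5): avc:  denied  { read write } for  pid=181 comm="rmt_storage" name="mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
<5>[    4.746108] type=1400 audit(1394980.310:6): avc:  denied  { open } for  pid=181 comm="rmt_storage" name="mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
<5>[    6.621710] type=1400 audit(1394981.710:14): avc:  denied  { read write } for  pid=181 comm="rmt_storage" path="/dev/mem" dev="tmpfs" ino=5667 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
"""

# Permissions sit inside { ... }; the contexts and class are key=value fields.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def sel_type(context):
    """An SELinux context is user:role:type:level; policy rules use the type."""
    return context.split(":")[2]

def summarize(log_text):
    """Merge denials into {(source_type, target_type, class): set_of_perms}."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial line
        key = (sel_type(m["scon"]), sel_type(m["tcon"]), m["tclass"])
        merged[key].update(m["perms"].split())
    return dict(merged)

def as_rules(summary):
    """Render the summary in allow-rule syntax, as input to a policy review."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        rules.append("allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms))))
    return rules

if __name__ == "__main__":
    for rule in as_rules(summarize(DENIALS)):
        print(rule)
```

All three denials collapse into a single rule for `rmt` on `kmem_device:chr_file`, which is the access the commit leaves open while the domain stays permissive.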