    Move rmt into its own domain. · 40b7b28d
    Nick Kralevich authored
    Don't run rmt in init's domain. /system/bin/rmt_storage
    is a Qualcomm-specific daemon responsible for servicing modem
    filesystem requests. It doesn't make sense to run rmt_storage
    in init's domain, as doing so prevents us from fine-tuning
    its policy.
    
    Keep the domain in permissive mode right now until we address
    the following denials:
    
    <5>[    7.497467] type=1400 audit(1383939680.983:5): avc:  denied  { read write } for  pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
    <5>[    7.497741] type=1400 audit(1383939680.983:6): avc:  denied  { open } for  pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
    
    We still need to get a better understanding of what rmt_storage
    does and what rules should be applied to it.
    
    Change-Id: I45d03fb93870f1b4bb64215f5dcd9a2a443f5566
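
The two denials quoted in the commit message, run through a small parser (an added example, not part of the commit or of the Android policy tooling): it merges them into the single allow rule they imply and flags that rule for review instead of granting it. The `SENSITIVE_TYPES` set and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# The two kernel log lines from the commit message, copied verbatim.
DENIALS = """\
<5>[    7.497467] type=1400 audit(1383939680.983:5): avc:  denied  { read write } for  pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
<5>[    7.497741] type=1400 audit(1383939680.983:6): avc:  denied  { open } for  pid=193 comm="rmt_storage" name="mem" dev="tmpfs" ino=4010 scontext=u:r:rmt:s0 tcontext=u:object_r:kmem_device:s0 tclass=chr_file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption of this example: target types whose access should be understood
# before any rule is written. kmem_device labels the memory device nodes.
SENSITIVE_TYPES = {"kmem_device"}

def parse_denial(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        # Contexts are user:role:type:level; the type is the third component.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarize(log_text):
    """Merge denials per (source, target, class) into the rule they imply."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rows = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        rows.append({"rule": rule, "needs_review": tgt in SENSITIVE_TYPES})
    return rows

if __name__ == "__main__":
    for row in summarize(DENIALS):
        print(("REVIEW " if row["needs_review"] else "ok     ") + row["rule"])
```

Because the domain is permissive, these lines are logged but the access itself still succeeds, so the flagged rule describes what rmt_storage is already doing at boot.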
BoardConfigCommon.mk 3.24 KB