    Drop dontaudit sys_admin rule from installd. · 016e6365
    Stephen Smalley authored
    
    Old Android kernels (e.g. kernel/goldfish android-2.6.29 commit 2bda29)
    fell back to a CAP_SYS_ADMIN check even before checking uids if the cgroup
    subsystem did not define its own can_attach handler.  This doesn't appear
    to have ever been the case of mainline, and is not true of the 3.4 Android
    kernels.  So we no longer need to dontaudit sys_admin to avoid log noise.
    
    Change-Id: I3822600a06c242764a94f9b67d9fcd6f599d3453
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
installd.te 2.24 KB