举例:type=1400 audit(1358758415.820:7): avc: denied { write } for pid=1229 comm="sh" name="relay" dev="proc" ino=4026533065 scontext=u:r:shell:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
语法:allow shell proc:file write;
如有多个:allow shell proc:file {open write};
若有neverallow:neverallow {appdomain -shell}
proc:dir_file_class_set write;
路径:system/sepolicy/
device/qcom/sepolicy/common/