Hide and label unwanted denials.

Occasionally hal_graphics_composer_default tries to load some aes crypto modules. Shortly after boot, a priv_app tries to read zygote's stat file. Bug: 72643420 Bug: 72749888 Test: Booted device and checked denials. Tested wifi. Change-Id: I095b0a78ce737daf4445221514ba4b8ce400d700
author: Joel Galenson <jgalenson@google.com> 2018-03-19 14:32:02 -0700
committer: Joel Galenson <jgalenson@google.com> 2018-03-19 14:36:32 -0700
commit: b774d729321c146220b5186dd3b17833c89e76b9 (patch)
tree: b59e573a6d62f74159bb2c5ce581e050cf46907f /sepolicy
parent: dd2b49353d6e0fe149a5e782e6cda02c9cb52195 (diff)
download: bonito-b774d729321c146220b5186dd3b17833c89e76b9.tar.gz
2 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/vendor/bug_map b/sepolicy/vendor/bug_map
index a659670f..5c9c2540 100644
--- a/sepolicy/vendor/bug_map
+++ b/sepolicy/vendor/bug_map
@@ -7,5 +7,6 @@ cnd system_data_file file 73994924
 init cgroup file 74182216
 netd netd capability 73947368
 priv_app sysfs file 72749888
+priv_app zygote dir 72749888
 sensors sensors capability 74548718
 zygote cgroup file 74182216
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index 8cc6b1d3..10907aaa 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -38,3 +38,5 @@ userdebug_or_eng(`
         allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
         allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
 ')
+
+dontaudit hal_graphics_composer_default kernel:system module_request;
author	Joel Galenson <jgalenson@google.com>	2018-03-19 14:32:02 -0700
committer	Joel Galenson <jgalenson@google.com>	2018-03-19 14:36:32 -0700
commit	b774d729321c146220b5186dd3b17833c89e76b9 (patch)
tree	b59e573a6d62f74159bb2c5ce581e050cf46907f /sepolicy
parent	dd2b49353d6e0fe149a5e782e6cda02c9cb52195 (diff)
download	bonito-b774d729321c146220b5186dd3b17833c89e76b9.tar.gz