authorTri Vo <trong@google.com>2019-04-16 12:02:44 -0700
committerTri Vo <trong@google.com>2019-05-08 15:52:21 -0700
commitce984ed52232475dd60d5983e131351c7351625f (patch)
treef026a8817bc1ae1128a7af9db0bd11414e5ce7c8
parent8c617be05f35d15a0f774fcf3d57f92b2a7f67fc (diff)
vsoc_guest_region_e2e_test suppress /data/local/tmp denial
avc: denied { dac_override } for capability=1 scontext=u:r:vsoc_guest_region_e2e_test:s0 tcontext=u:r:vsoc_guest_region_e2e_test:s0 tclass=capability permissive=0 Fixes: 130577243 Test: boot cuttlefish without above denial Change-Id: I5b8eb65c3400d73107281a9befb7f0a6acb2b884 Merged-In: I5b8eb65c3400d73107281a9befb7f0a6acb2b884 (cherry picked from commit e3dfd4019c11718b3d9026ad989f5470c258d5af)
-rw-r--r--shared/sepolicy/vsoc_guest_region_e2e_test.te4
1 files changed, 4 insertions, 0 deletions
diff --git a/shared/sepolicy/vsoc_guest_region_e2e_test.te b/shared/sepolicy/vsoc_guest_region_e2e_test.te
index d4ab68fd3..db5749f48 100644
--- a/shared/sepolicy/vsoc_guest_region_e2e_test.te
+++ b/shared/sepolicy/vsoc_guest_region_e2e_test.te
@@ -7,3 +7,7 @@ init_daemon_domain(vsoc_guest_region_e2e_test)
allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
allow vsoc_guest_region_e2e_test vendor_data_file:file { create_file_perms };
allow vsoc_guest_region_e2e_test vendor_data_file:dir { create_file_perms create_dir_perms };
+
+# gtest checks access() on /data/local/tmp. However, vendor processes are
+# neverallow'ed /data access outside of /data/vendor.
+dontaudit vsoc_guest_region_e2e_test self:capability dac_override;
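Review bot: The added `dontaudit vsoc_guest_region_e2e_test self:capability dac_override;` is not limited to the gtest access() probe on /data/local/tmp; it silences every dac_override denial for this domain. A later genuine DAC permission problem, for example on the vendor_data_file paths allowed just above, would then fail with no avc line in the log. The comment should record that, e.g. `# NOTE: hides all dac_override denials for this domain; drop this rule temporarily when debugging file permission failures.` It would also help to say why the capability is requested at all, presumably because the test runs as root without DAC permission on that directory, though this is not visible in the hunk.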