From 627ba82bc30e9c9c5e4271316ffadd1ed38fd237 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 26 Mar 2018 12:51:28 -0700
Subject: [PATCH] crashdump: cleanup logs

Suppress WAI (working as intended) denials from crashdump.

Test: build/flash Taimen. Verify no new denials.
Bug: 68319037
Change-Id: If39d057cb020def7afe89fd95e049e45cce2ae16
(cherry picked from commit cc0304cfc2ca307595108bb8ccafeb363e0103a0)
---
 private/bug_map      |  5 -----
 public/crash_dump.te | 10 ++++++++++
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/private/bug_map b/private/bug_map
index 9bc51543c..73cd3b4ca 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,8 +1,3 @@
-crash_dump app_data_file dir 68319037
-crash_dump bluetooth_data_file dir 68319037
-crash_dump resourcecache_data_file dir 68319037
-crash_dump system_data_file file 68319037
-crash_dump vendor_overlay_file dir 68319037
 platform_app nfc_data_file dir 74331887
 priv_app sysfs dir 72749888
 priv_app sysfs_android_usb file 72749888
diff --git a/public/crash_dump.te b/public/crash_dump.te
index 74bff8060..6b6b986ee 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -56,6 +56,16 @@ allow crash_dump tombstone_data_file:file { append getattr };
 
 read_logd(crash_dump)
 
+# Crash dump is not intended to access the following data types. Since these
+# are WAI, suppress the denials to clean up the logs.
+dontaudit crash_dump {
+  app_data_file
+  bluetooth_data_file
+  resourcecache_data_file
+  vendor_overlay_file
+}:dir search;
+dontaudit crash_dump system_data_file:file read;
+
 ###
 ### neverallow assertions
 ###
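Review bot: The comment above the new `dontaudit` block leaves "WAI" unexpanded and drops the bug number that the removed bug_map entries carried, so crash_dump.te no longer records why these denials are silenced. Because `dontaudit` removes the events from the audit log entirely, accesses by crash_dump to these types stop being visible to anyone reviewing denials. The comment should therefore state the scope explicitly. I would write it as `# crash_dump is not meant to access these types; the denials are working as intended (b/68319037).` followed by `# Only dir search and file read are silenced, so any other denied access is still audited.` The rules themselves are narrowly scoped to `search` and `read`, which is worth preserving if this list is extended later.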
-- 
GitLab