From 85416e06a522b12874ce0db7a90639b221f00625 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 15 Apr 2015 17:58:08 -0700
Subject: [PATCH] su.te: add filesystem dontaudit rule

Addresses su denials which occur when mounting filesystems not
defined by policy.

Addresses denials similar to:

  avc: denied { mount } for pid=12361 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=u:r:su:s0 tcontext=u:object_r:unlabeled:s0 tclass=filesystem permissive=1

Change-Id: Ifa0d7c781152f9ebdda9534ac3a04da151f8d78e
---
 su.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/su.te b/su.te
index 58c75f643..9c01fc530 100644
--- a/su.te
+++ b/su.te
@@ -49,5 +49,6 @@ userdebug_or_eng(`
   dontaudit su keystore:keystore_key *;
   dontaudit su domain:debuggerd *;
   dontaudit su domain:drmservice *;
+  dontaudit su unlabeled:filesystem *;
   service_manager_local_audit_domain(su)
 ')
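Review bot: The added `dontaudit su unlabeled:filesystem *;` line has no comment, and its wildcard silences every filesystem-class permission on `unlabeled`, while the denial quoted in the commit message is only `mount`. The wildcard matches the neighbouring su rules, so it looks intentional, but a one-line comment would record the reason, e.g. `# su may mount filesystems that have no label in policy (e.g. binfmt_misc); silence the resulting denials.` The quoted denial shows `permissive=1`, so the avc line was a log entry rather than an enforced block, and this rule removes it. On these builds, avc logs will therefore no longer show su touching filesystems that policy fails to label. The enclosing `userdebug_or_eng` block starts outside the hunk.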
-- 
GitLab