From a66d1a4543fc6d43fe2e798bb81347d1097227cf Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Mon, 26 Mar 2018 16:37:42 -0700
Subject: [PATCH] Hide some denials.

These denials occur fairly often, causing some logspam.

Bug: 77225170
Test: Boot device.
Change-Id: Icd73a992aee44007d0873743f706758f9a19a112
---
 private/untrusted_app_all.te | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index e1bba0d42..949c87acf 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -128,3 +128,12 @@ allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 create_pty(untrusted_app_all)
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;
-- 
GitLab