From b76966d65d4e59cbb20b5a78bc583a9907a495da Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 5 Mar 2015 14:58:30 -0800
Subject: [PATCH] recovery: remove auditallow for exec_type:dir writes

With the move to block based OTAs, we're never going to fix
this bug. Remove the auditallow statement to avoid SELinux log
spam.

Bug: 15575013
Change-Id: I7864e87202b1b70020a8bdf3ef327a2cf4b6bfbd
---
 recovery.te | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/recovery.te b/recovery.te
index 61c42b138..b0616ae17 100644
--- a/recovery.te
+++ b/recovery.te
@@ -36,11 +36,9 @@ recovery_only(`
   # support to OTAs. However, that code has a bug. When an update occurs,
   # some directories are inappropriately labeled as exec_type. This is
   # only transient, and subsequent steps in the OTA script correct this
-  # mistake.
-  # Allow this behavior for now until we can fix the underlying bug.
-  # b/15575013
+  # mistake. New devices are moving to block based OTAs, so this is not
+  # worth fixing. b/15575013
   allow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
-  auditallow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
 
   # Write to /proc/sys/vm/drop_caches
   # TODO: create more specific label?
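Review bot: The allow rule on exec_type:dir that stays in this hunk becomes a permanent, unaudited grant once the auditallow line is dropped, and the rewritten comment no longer says when it can be removed. The old comment read "Allow this behavior for now until we can fix the underlying bug", which marked the rule as temporary. The new text says the bug is "not worth fixing" but gives no exit condition. Consider extending the comment to state that the rule exists only for the non-block-based OTA path and should be deleted once that path is no longer supported, so the create_dir_perms, relabelfrom and relabelto grants to recovery do not outlive their reason. Since removing the auditallow also removes the only log signal that this access is being exercised, it would help for the commit message or comment to note that this loss of visibility is accepted.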
-- 
GitLab