Hide bpfloader sys_admin denials.

Bug: 79524845 Test: Boot device and see no denials. Change-Id: I9316bfd0e3718818a7613a421aedff7da8c87108

Hide bpfloader sys_admin denials.
d65f26f1 · Joel Galenson · 7af4a1f1 · d65f26f1 · d65f26f1
Commit d65f26f1 authored 6 years ago by Joel Galenson
--- a/prebuilts/api/28.0/private/bpfloader.te
+++ b/prebuilts/api/28.0/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+
+dontaudit bpfloader self:capability sys_admin;