Remove dumpstate selinux spam from logs

Addresses: avc: granted { read } for name="pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file avc: granted { read open } for path="/proc/sys/fs/pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file Test: build policy Change-Id: I7d8721c73c4f3c51b3885a97c697510e61d1221b

Remove dumpstate selinux spam from logs
f44002b3 · Jeff Vander Stoep · e5fe6a33 · f44002b3 · f44002b3
Commit f44002b3 authored 7 years ago by Jeff Vander Stoep
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -190,6 +190,7 @@ allow domain_deprecated proc_meminfo:file r_file_perms;
 userdebug_or_eng(`
 auditallow {
  domain_deprecated
+  -dumpstate
  -fsck
  -fsck_untrusted
  -sdcardd
@@ -199,6 +200,7 @@ auditallow {
 } proc:file r_file_perms;
 auditallow {
  domain_deprecated
+  -dumpstate
  -fsck
  -fsck_untrusted
  -system_server
@@ -206,6 +208,7 @@ auditallow {
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
 auditallow {
  domain_deprecated
+  -dumpstate
  -fingerprintd
  -healthd
  -netd

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -137,8 +137,9 @@ read_logd(dumpstate)
 control_logd(dumpstate)
 read_runtime_log_tags(dumpstate)
-# Read /proc/net
+# Read /proc and /proc/net
 allow dumpstate proc_net:file r_file_perms;
+r_dir_file(dumpstate, proc)
 # Read network state info files.
 allow dumpstate net_data_file:dir search;