From f47ee7fbd20a333dbfc8d0477af1be1eb4655727 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Fri, 3 Feb 2017 13:26:32 -0800
Subject: [PATCH] Exclude dev/null from auditing - was producing log spam.

Test: Device boots
Change-Id: I2fb0a03c9ed84710dc2db7b170c572a2eae45412
---
 public/init.te | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/public/init.te b/public/init.te
index 1bc2dc6a3..fe8cdbb56 100644
--- a/public/init.te
+++ b/public/init.te
@@ -175,7 +175,7 @@ allow init {
   -vold_data_file
 }:lnk_file { create getattr setattr relabelfrom unlink };
 
-allow init {file_type -system_file -exec_type}:dir_file_class_set relabelto;
+allow init { file_type -system_file -exec_type }:dir_file_class_set relabelto;
 allow init { sysfs debugfs debugfs_tracing }:{ dir file lnk_file } { getattr relabelfrom };
 allow init { sysfs_type debugfs_type }:{ dir file lnk_file } relabelto;
 allow init dev_type:dir create_dir_perms;
@@ -198,7 +198,13 @@ allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read
 # init should not be able to read or open generic devices
 # TODO: auditing to see if this can be deleted entirely
 allow init { dev_type -kmem_device -port_device -device }:chr_file { read open };
-auditallow init { dev_type -kmem_device -port_device -device }:chr_file { read open };
+auditallow init {
+  dev_type
+  -kmem_device
+  -port_device
+  -device
+  -null_device
+}:chr_file { read open };
 
 # chown/chmod on devices.
 allow init { dev_type -kmem_device -port_device }:chr_file setattr;
-- 
GitLab