From f6d12c6979128843a0bddee8de8f61f8ed1b646f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 13 May 2015 16:06:34 -0700
Subject: [PATCH] dontaudit untrusted_app exec_type:file getattr

Programs routinely scan through /system, looking at the files there.
Don't generate an SELinux denial when it happens.

Bug: 21120228
Change-Id: I85367406e7ffbb3e24ddab6f97448704df990603
---
 untrusted_app.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 7a9e2dd3d..4e783f13e 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -111,6 +111,11 @@ userdebug_or_eng(`
   allow untrusted_app perfprofd_data_file:file r_file_perms;
   allow untrusted_app perfprofd_data_file:dir r_dir_perms;
 ')
+
+# Programs routinely attempt to scan through /system, looking
+# for files. Suppress the denials when they occur.
+dontaudit untrusted_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###
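Review bot: The comment on the new `dontaudit untrusted_app exec_type:file getattr;` rule describes its scope as /system, but the rule matches on the `exec_type` attribute, so it silences getattr denials for every file type carrying that attribute, wherever the file is labeled. The access itself is still denied; only the avc record is dropped, which means an app's stat-style probing of executables no longer leaves a trace in the audit log. I would state both facts in the comment, for example `# Access stays denied; only the avc log entry is suppressed.` and `# Matches every exec_type file, not just those under /system.` If the denials seen in the referenced bug were confined to a few types, listing those types instead of the whole attribute would keep the remaining audit signal, though the patch does not show which types were involved.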
-- 
GitLab