From be42c5b12cb9f05d1bed964d2c8adbcc8eca4227 Mon Sep 17 00:00:00 2001 From: Utku Utkan Date: Tue, 18 Jul 2023 14:59:17 -0700 Subject: [PATCH] Don't audit any system_app_data_file:dir access Lab devices don't do factory reset. So we see 'avc: denied' logs everynow and then. The fix disables the related audits to avoid any false negatives. Bug: 287069860 Test: m && flashall && check for 'avc: denied { write }' Change-Id: I4f98af849b99f4ece737c85a23e22b817677d917 --- camera/sepolicy/vendor_pbcs_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/camera/sepolicy/vendor_pbcs_app.te b/camera/sepolicy/vendor_pbcs_app.te index cc04c60..1ee663f 100644 --- a/camera/sepolicy/vendor_pbcs_app.te +++ b/camera/sepolicy/vendor_pbcs_app.te @@ -2,7 +2,7 @@ type vendor_pbcs_app, domain, coredomain; app_domain(vendor_pbcs_app); -allow vendor_pbcs_app system_app_data_file:dir search; +dontaudit vendor_pbcs_app system_app_data_file:dir *; allow vendor_pbcs_app app_api_service:service_manager find;