From 0f81e06630a3093b44483e54761a3505f5dc25c4 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Wed, 5 Oct 2016 16:19:39 -0700
Subject: [PATCH] Sepolicy: Ignore otapreopt_chroot setsched denial

Ignore, as it's a side effect of mounting /vendor.

Bug: 31116514
Change-Id: If94a27a26181e40de5c5e60f5446de9ce2ccdba0
---
 otapreopt_chroot.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/otapreopt_chroot.te b/otapreopt_chroot.te
index fcba7b145..1c5f2eed0 100644
--- a/otapreopt_chroot.te
+++ b/otapreopt_chroot.te
@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot };
 # This is required to mount /vendor.
 allow otapreopt_chroot block_device:dir search;
 allow otapreopt_chroot labeledfs:filesystem mount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;
 
 # Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
 domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
-- 
GitLab
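Review bot: The comment above the new `dontaudit otapreopt_chroot kernel:process setsched;` rule does not record that the access stays denied or which bug the denial was seen in, so a later reader cannot tell a deliberate suppression from a leftover workaround. Because `dontaudit` silences every setsched denial from this domain against `kernel`, not only the one observed while mounting /vendor, any other attempt from otapreopt_chroot would also leave no audit record. I would expand the comment to something like `# Mounting /vendor can trigger a setsched denial against kernel as a side effect. The access stays denied; only the audit record is suppressed (b/31116514).` and mention that the rule should be dropped once the mount path no longer triggers it.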