Sepolicy: Ignore otapreopt_chroot setsched denial

Ignore, as it's a side effect of mounting /vendor. Bug: 31116514 Change-Id: If94a27a26181e40de5c5e60f5446de9ce2ccdba0

Sepolicy: Ignore otapreopt_chroot setsched denial
Ignore, as it's a side effect of mounting /vendor. Bug: 31116514 Change-Id: If94a27a26181e40de5c5e60f5446de9ce2ccdba0
0f81e066 · Andreas Gampe · 7a393427 · 0f81e066
Commit 0f81e066 authored 8 years ago by Andreas Gampe
--- a/otapreopt_chroot.te
+++ b/otapreopt_chroot.te
@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot };
 # This is required to mount /vendor.
 allow otapreopt_chroot block_device:dir search;
 allow otapreopt_chroot labeledfs:filesystem mount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;

 # Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
 domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)