From 2d32d81d5a07b00dd5fa0171f82350ddf636221b Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 13 Oct 2017 13:33:46 -0700
Subject: [PATCH] system_app: suppress denials for disallowed services

Dontaudit denials for services that system_app may not use due
to neverallow assertions.

Bug: 67779088
Test: build
Change-Id: I822a7909c86bee5c2fdeec6e13af1a9791883f72
---
 private/system_app.te | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/private/system_app.te b/private/system_app.te
index 904b8518d..0381c4f9a 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -67,6 +67,15 @@ allow system_app {
   -vold_service
   -vr_hwc_service
 }:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+  dumpstate_service
+  installd_service
+  netd_service
+  virtual_touchpad_service
+  vold_service
+  vr_hwc_service
+}:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
-- 
GitLab