From 3e0980891508d31969f2dcff8940e08fa63dab49 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Thu, 15 Nov 2018 13:52:24 -0800
Subject: [PATCH] Audit /dev access that might no longer be needed after Treble

Bug: 110962171
Test: boot aosp_walleye, aosp_blueline, no log spam from new audit
Change-Id: Ibeeb317e2cf15584395e3dbb73eb01b827e19a09
---
 private/coredomain.te | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/private/coredomain.te b/private/coredomain.te
index cf3930be2..2fbbbfd1a 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -105,3 +105,14 @@ full_treble_only(`
     -init
   }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
 ')
+
+# Audit coredomain access to /dev nodes that might no longer be needed after
+# Treble.
+userdebug_or_eng(`
+    auditallow coredomain {
+        audio_device
+        iio_device
+        radio_device
+        tee_device
+    }:chr_file { open read append write ioctl };
+')
-- 
GitLab