From 5ee3151a8e8185139ec85292b9312f967e705e7e Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 10 Feb 2017 02:33:25 -0800
Subject: [PATCH] exclude init from apk_data_file getattr

Addresses the following auditallow spam:

avc: granted { getattr } for comm="init"
path="/data/app/com.sling-1/lib/x86/libavcodec-56.so" dev="mmcblk0p11"
ino=32607 scontext=u:r:init:s0 tcontext=u:object_r:apk_data_file:s0
tclass=file

Test: policy compiles.
Change-Id: I81775f8de93f0b4334279e9f5e19d27e6171616f
---
 public/domain_deprecated.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index 1f535c350..a73233267 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -56,7 +56,7 @@ allow domain_deprecated apk_data_file:dir { getattr search };
 allow domain_deprecated apk_data_file:file r_file_perms;
 allow domain_deprecated apk_data_file:lnk_file r_file_perms;
 auditallow { domain_deprecated -appdomain -dex2oat -init -installd -system_server } apk_data_file:dir { getattr search };
-auditallow { domain_deprecated -appdomain -dex2oat -installd -system_server } apk_data_file:file r_file_perms;
+auditallow { domain_deprecated -appdomain -dex2oat -init -installd -system_server } apk_data_file:file r_file_perms;
 auditallow { domain_deprecated -appdomain -dex2oat -installd -system_server } apk_data_file:lnk_file r_file_perms;
 
 # Read already opened /cache files.
-- 
GitLab