From 621668568a9ea0b4586ef6d722aa8f935507597a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 1 May 2018 08:21:30 -0700
Subject: [PATCH] adbd: dontaudit sys_resource denials

avc: denied { sys_resource } for comm="adbd" capability=24
scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability

Test: build aosp_sailfish-userdebug
Bug: 78935353
Change-Id: I094e54cbd61245d368f3164e30222dfdff902ffa
---
 private/adbd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/adbd.te b/private/adbd.te
index 77c0d7377..bde6864ba 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -22,6 +22,9 @@ allow adbd self:global_capability_class_set { setuid setgid };
 # Drop capabilities from bounding set on user builds.
 allow adbd self:global_capability_class_set setpcap;
 
+# ignore spurious denials for adbd when disk space is low.
+dontaudit adbd self:global_capability_class_set sys_resource;
+
 # Create and use network sockets.
 net_domain(adbd)
 
-- 
GitLab