From 64f45a241427abb89f3ce9418acf72c0f53a8e23 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 6 Oct 2017 14:03:04 -0700
Subject: [PATCH] Suppress denials from sdcardfs (b/67454004)

These denials are expected and the code has fallbacks to handle this
case.

Test: policy compiles.
Bug: 67454004
Change-Id: I787625494d0a7c9945318428b6fd3f668a8a2564
---
 public/mediaextractor.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 05e65bf94..915d47825 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -22,6 +22,9 @@ allow mediaextractor proc_meminfo:file r_file_perms;
 
 crash_dump_fallback(mediaextractor)
 
+# Suppress denials from sdcardfs (b/67454004)
+dontaudit mediaextractor sdcardfs:file read;
+
 # allow mediaextractor read permissions for file sources
 allow mediaextractor media_rw_data_file:file { getattr read };
 allow mediaextractor app_data_file:file { getattr read };
-- 
GitLab