From 9dc1d5381ff01fd64ebf837ae4fbd770e214b3fc Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep <jeffv@google.com> Date: Wed, 4 Apr 2018 14:36:13 -0700 Subject: [PATCH] priv_app: remove more logspam avc: denied { read } for name="ext4" dev="sysfs" ino=32709 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 b/72749888 avc: denied { read } for name="state" dev="sysfs" ino=51318 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_android_usb:s0 tclass=file permissive=0 b/72749888 Bug: 72749888 Test: build/boot taimen-userdebug. No more logspam Change-Id: Ic43d1c8b71e1e5e0e6f9af1e03816c4084120e7e Merged-In: Ic43d1c8b71e1e5e0e6f9af1e03816c4084120e7e (cherry picked from commit 558cdf1e9925ca7b1420569abab677090d3d9528)
---
 private/bug_map | 2 --
 private/priv_app.te | 4 +++-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/private/bug_map b/private/bug_map
index eee9eaae2..8022d044e 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,6 +1,4 @@
 platform_app nfc_data_file dir 74331887
-priv_app sysfs dir 72749888
-priv_app sysfs_android_usb file 72749888
 priv_app system_data_file dir 72811052
 storaged storaged capability 77634061
 system_server crash_dump process 73128755
diff --git a/private/priv_app.te b/private/priv_app.te
index 887f5be0f..0841c41f6 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -140,13 +140,15 @@ unix_socket_connect(priv_app, traced_producer, traced)
 # suppress denials for non-API accesses.
 dontaudit priv_app exec_type:file getattr;
 dontaudit priv_app device:dir read;
+dontaudit priv_app net_dns_prop:file read;
 dontaudit priv_app proc:file read;
 dontaudit priv_app proc_interrupts:file read;
 dontaudit priv_app proc_modules:file read;
 dontaudit priv_app proc_stat:file read;
 dontaudit priv_app proc_version:file read;
+dontaudit priv_app sysfs:dir read;
+dontaudit priv_app sysfs_android_usb:file read;
 dontaudit priv_app wifi_prop:file read;
-dontaudit priv_app net_dns_prop:file read;
 
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-- 
GitLab
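Review bot: The added `dontaudit priv_app sysfs:dir read;` and `dontaudit priv_app sysfs_android_usb:file read;` carry no pointer to the denials they silence, and this commit also deletes the matching bug_map entries, so the commit message becomes the only link to b/72749888. A comment directly above the two rules, for example `# b/72749888: priv_app reads of sysfs dirs and USB state stay denied but are no longer logged`, would keep that traceable in the policy itself. The rule on the generic `sysfs` type is also broader than the single `ext4` directory in the quoted denial: it hides read denials for every directory carrying that label, so later priv_app reads of other generically labelled sysfs directories will stay denied but leave no avc record. That trade-off seems worth stating in the same comment so that anyone triaging missing denials knows to look here.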