From a3b3bdbb2fdbb4c540ef4e6c3ba77f5723ccf46d Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Tue, 10 Apr 2018 09:55:11 -0700
Subject: [PATCH] Widen crash_dump dontaudit.

We have seen crash_dump denials for radio_data_file,
shared_relro_file, shell_data_file, and vendor_app_file.  This commit
widens an existing dontaudit to include them as well as others that we
might see.

Test: Boot device.
Change-Id: I9ad2a2dafa8e73b13c08d0cc6886274a7c0e3bac
---
 public/crash_dump.te | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/public/crash_dump.te b/public/crash_dump.te
index 6b6b986ee..f778d2818 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -59,10 +59,8 @@ read_logd(crash_dump)
 # Crash dump is not intended to access the following data types. Since these
 # are WAI, suppress the denials to clean up the logs.
 dontaudit crash_dump {
-  app_data_file
-  bluetooth_data_file
-  resourcecache_data_file
-  vendor_overlay_file
+  core_data_file_type
+  vendor_file_type
 }:dir search;
 dontaudit crash_dump system_data_file:file read;
 
-- 
GitLab