sepolicy: Ignore more hal_memtrack denials

* They are harmless Change-Id: Idb7947558a8af876e93fa02168da144d9373c9c9
author: Michael Bestas <mkbestas@lineageos.org> 2018-03-22 18:16:45 +0200
committer: Michael Bestas <mkbestas@lineageos.org> 2018-04-20 18:40:47 +0300
commit: 4b4dd9c390f0f6c1f023565943894ec6cbc25193 (patch)
tree: 92d2f2c7770fb786b6cd38fe1dcd5006ba1e33f9
parent: 9110cacc47db553f10a4719f9f4b1ed6a244ec89 (diff)
download: android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.tar.gz
android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.tar.bz2
android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/common/hal_memtrack.te b/common/hal_memtrack.te
index 8bdf4d3d..55b6e346 100644
--- a/common/hal_memtrack.te
+++ b/common/hal_memtrack.te
@@ -30,4 +30,5 @@ r_dir_file(hal_memtrack_default, kgsl_debugfs);
 # Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger.
 # Grant access if that's the case; don't log denials for other processes.
 allow hal_memtrack_default surfaceflinger:file read;
-dontaudit hal_memtrack_default { domain -surfaceflinger}:file read;
+dontaudit hal_memtrack_default { domain -surfaceflinger }:dir search;
+dontaudit hal_memtrack_default { domain -surfaceflinger }:file { open read getattr };
author	Michael Bestas <mkbestas@lineageos.org>	2018-03-22 18:16:45 +0200
committer	Michael Bestas <mkbestas@lineageos.org>	2018-04-20 18:40:47 +0300
commit	4b4dd9c390f0f6c1f023565943894ec6cbc25193 (patch)
tree	92d2f2c7770fb786b6cd38fe1dcd5006ba1e33f9
parent	9110cacc47db553f10a4719f9f4b1ed6a244ec89 (diff)
download	android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.tar.gz android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.tar.bz2 android_device_qcom_sepolicy-4b4dd9c390f0f6c1f023565943894ec6cbc25193.zip