Sepolicy : Add dont audit for vendor_gles_data_file label

System process cannot access vendor partition files.

Change-Id: I7fd5805ac98319660c1e5f9fca3ae2137a49d0a0

2 files changed, 14 insertions, 14 deletions

diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te
index 7e8f96af..fedc00ff 100644
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -26,23 +26,13 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 dontaudit {
-    system_server
-    surfaceflinger
-    bootanim
-    system_app
-    platform_app
-    zygote
-    location_app
-    location_app_test
-    priv_app
-    radio
-    shell
-    zygote
-    mediaswcodec
+    coredomain
+    appdomain
 } vendor_gles_data_file:dir search;
 
 dontaudit {
-    system_app
+    coredomain
+    appdomain
 } vendor_gles_data_file:file *;
 #allow all gpu clients to access configuration settings
 userdebug_or_eng(`
diff --git a/legacy/vendor/test/domain.te b/legacy/vendor/test/domain.te
index 84398b2b..589671e5 100644
--- a/legacy/vendor/test/domain.te
+++ b/legacy/vendor/test/domain.te
@@ -25,6 +25,16 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+dontaudit {
+    coredomain
+    appdomain
+} vendor_gles_data_file:dir search;
+
+dontaudit {
+    coredomain
+    appdomain
+} vendor_gles_data_file:file *;
+
 #allow all gpu clients to access configuration settings
 userdebug_or_eng(`
 allow {domain - coredomain - hal_configstore_default} sysfs_kgsl:dir search;