Merge "Clean up logspam for cgroup access"

commit: 0231e5faaa06a5ac5e6a7d3a7a5b0fb54e31ee93 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Fri Jun 09 21:40:05 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Jun 09 21:40:05 2017 +0000
tree: 35e567ca167c9012618bd86b2ed84a27903940e4
parent: aebfe7e90f0bab95d4185768308899400cbb54b4 [diff]
parent: 2d0d28662d6f4d6ce33bfdb5140acb7830cc30d6 [diff]
diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 7c735f2..69602c3 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te

@@ -256,7 +256,7 @@
   -surfaceflinger
   -system_server
   -zygote
-} cgroup:dir r_dir_perms;
+} cgroup:dir { open getattr read ioctl lock }; # search granted to domain
 auditallow {
   domain_deprecated
   -appdomain
@@ -270,7 +270,21 @@
   -surfaceflinger
   -system_server
   -zygote
-} cgroup:{ file lnk_file } r_file_perms;
+} cgroup:file { getattr read ioctl }; # open and lock granted to domain
+auditallow {
+  domain_deprecated
+  -appdomain
+  -dumpstate
+  -fingerprintd
+  -healthd
+  -inputflinger
+  -installd
+  -keystore
+  -netd
+  -surfaceflinger
+  -system_server
+  -zygote
+} cgroup:lnk_file r_file_perms;
 auditallow {
   domain_deprecated
   -appdomain
commit	0231e5faaa06a5ac5e6a7d3a7a5b0fb54e31ee93	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Fri Jun 09 21:40:05 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Jun 09 21:40:05 2017 +0000
tree	35e567ca167c9012618bd86b2ed84a27903940e4
parent	aebfe7e90f0bab95d4185768308899400cbb54b4 [diff]
parent	2d0d28662d6f4d6ce33bfdb5140acb7830cc30d6 [diff]