system_app: suppress denials for disallowed services Dontaudit denials for services that system_app may not use due to neverallow assertions. Bug: 67779088 Test: build Change-Id: I822a7909c86bee5c2fdeec6e13af1a9791883f72

commit: 2d32d81d5a07b00dd5fa0171f82350ddf636221b [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Oct 13 13:33:46 2017 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Fri Oct 13 13:43:34 2017 -0700
tree: c4c763d68591adf8c494173b5cc51b8542e2e5a7
parent: e82c8ab78612deeee14ba7523ba1ad84c37efeec [diff] [blame]
diff --git a/private/system_app.te b/private/system_app.te
index 904b851..0381c4f 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -67,6 +67,15 @@
   -vold_service
   -vr_hwc_service
 }:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+  dumpstate_service
+  installd_service
+  netd_service
+  virtual_touchpad_service
+  vold_service
+  vr_hwc_service
+}:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
commit	2d32d81d5a07b00dd5fa0171f82350ddf636221b	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Oct 13 13:33:46 2017 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Fri Oct 13 13:43:34 2017 -0700
tree	c4c763d68591adf8c494173b5cc51b8542e2e5a7
parent	e82c8ab78612deeee14ba7523ba1ad84c37efeec [diff] [blame]