Don't audit search of /system/usr/dir in hal_drm
Reduce the audit log spam caused by the widewine process.
Bug: 401297280
Bug: 393637335
Change-Id: Iba418307210c5c179067271422293d94d2be07cf
diff --git a/private/hal_drm.te b/private/hal_drm.te
index f24c326..e40252f 100644
--- a/private/hal_drm.te
+++ b/private/hal_drm.te
@@ -48,6 +48,9 @@
allow hal_drm_server { appdomain -isolated_app }:fd use;
+# Reduce the audit log spam caused by the Rikers anti-root check (b/401297280)
+dontaudit hal_drm system_userdir_file:dir search;
+
# only allow unprivileged socket ioctl commands
allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };