Reduce graphics logspam
There is no change in behavior. These denials were already
being blocked.
Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
diff --git a/private/app.te b/private/app.te
index 5590ca5..a03bcb0 100644
--- a/private/app.te
+++ b/private/app.te
@@ -19,6 +19,8 @@
# Attempting to do so will be blocked by both selinux and unix
# permissions.
dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
diff --git a/private/bootanim.te b/private/bootanim.te
index fd95e41..41c9179 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -5,5 +5,8 @@
# b/68864350
dontaudit bootanim unlabeled:dir search;
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
+
# Read ro.boot.bootreason b/30654343
get_prop(bootanim, bootloader_boot_reason_prop)
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 97203ba..cf709df 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -126,6 +126,9 @@
unix_socket_send(surfaceflinger, statsdw, statsd)
')
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
###
### Neverallow rules
###