commit 74828e65d59b36ae71717375565e1003b8e564d7
author Treehugger Robot <treehugger-gerrit@google.com> Thu Jan 18 23:11:09 2018 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jan 18 23:11:09 2018 +0000
tree 13b334d82bd6c8abbe410695470346ec1854459b
parent 3ac8456fed0be0139e356bf0ea14feb07f9098db
parent afca82a3bbbe4c211d39dc6465020ce286c5bc4e

Merge "Add default namespaces of odm properties"

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index 9909e06..ec52d56 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -122,11 +122,14 @@
 allow priv_app traced_tmpfs:file { read write getattr map };
 unix_socket_connect(priv_app, traced_producer, traced)
 
-# suppress denials when safetynet scans /system
+# suppress denials for non-API accesses.
 dontaudit priv_app exec_type:file getattr;
 dontaudit priv_app device:dir read;
 dontaudit priv_app proc_interrupts:file read;
 dontaudit priv_app proc_modules:file read;
+dontaudit priv_app proc_version:file read;
+dontaudit priv_app wifi_prop:file read;
+dontaudit priv_app net_dns_prop:file read;
 
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 92988b4..62f3a86 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -280,7 +280,6 @@
 r_dir_file(system_server, sysfs_wakeup_reasons)
 
 allow system_server sysfs_nfc_power_writable:file rw_file_perms;
-allow system_server sysfs_devices_system_cpu:file w_file_perms;
 allow system_server sysfs_mac_address:file r_file_perms;
 allow system_server sysfs_power:dir search;
 allow system_server sysfs_power:file rw_file_perms;