commit 8200faed612331f91e28a12cb93fdafd28e185aa
author Jeff Vander Stoep <jeffv@google.com> Thu Apr 02 13:36:17 2020 +0200
committer Jeff Vander Stoep <jeffv@google.com> Thu Apr 02 14:43:17 2020 +0200
tree f92d97fbd718f228808042d8c17312676a5e1a0b
parent 16ad48d0d879eeb8d12198e07cceea8465aeae49

Reduce graphics logspam

There is no change in behavior. These denials were already
being blocked.

Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
Merged-In: Iffd1e5ba42854615eeea9490fe9150678ac98796
(cherry picked from commit 67896eef072e9e232a19475c594986d7dc9b913d)

private/app.te

diff --git a/private/app.te b/private/app.te
index 5590ca5..a03bcb0 100644
--- a/private/app.te
+++ b/private/app.te
@@ -19,6 +19,8 @@
 # Attempting to do so will be blocked by both selinux and unix
 # permissions.
 dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
 
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind

private/bootanim.te

diff --git a/private/bootanim.te b/private/bootanim.te
index 20ff193..4740560 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -4,3 +4,6 @@
 
 # b/68864350
 dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;

private/surfaceflinger.te

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 97203ba..cf709df 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -126,6 +126,9 @@
     unix_socket_send(surfaceflinger, statsdw, statsd)
 ')
 
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
 ###
 ### Neverallow rules
 ###