Merge "system_app: suppress denials for disallowed services" am: fce64b06cc Change-Id: I3a7c5ca3bb0b664b76cb8a470535cdf6b4aa9c83

commit: 9201edac8b2ab5acb04e6890c6294a945f6ff9bb [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Sun Oct 15 02:12:57 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Sun Oct 15 02:12:57 2017 +0000
tree: 41a217502ae5406dbe6f342ccdf4ba4a563424d0
parent: 06f6472db053f0c831f5282bd55f47fdc8443fef [diff]
parent: fce64b06ccb5d2a49b82098278024a27df827d66 [diff]
diff --git a/private/system_app.te b/private/system_app.te
index 904b851..0381c4f 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -67,6 +67,15 @@
   -vold_service
   -vr_hwc_service
 }:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+  dumpstate_service
+  installd_service
+  netd_service
+  virtual_touchpad_service
+  vold_service
+  vr_hwc_service
+}:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
commit	9201edac8b2ab5acb04e6890c6294a945f6ff9bb	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Sun Oct 15 02:12:57 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Sun Oct 15 02:12:57 2017 +0000
tree	41a217502ae5406dbe6f342ccdf4ba4a563424d0
parent	06f6472db053f0c831f5282bd55f47fdc8443fef [diff]
parent	fce64b06ccb5d2a49b82098278024a27df827d66 [diff]