app: audit usage of ion ioctls
Test: builds and boots on Bullhead with no selinux audit messages.
Bug: 29795149
Bug: 30400942
Change-Id: I93295424a03488234b233d5e2f86d3bf329e53fd
diff --git a/app.te b/app.te
index 2ac243a..0617e73 100644
--- a/app.te
+++ b/app.te
@@ -239,7 +239,9 @@
allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
# TODO is write really necessary ?
-auditallow { appdomain -isolated_app } ion_device:chr_file { write append };
+auditallow appdomain ion_device:chr_file { write append };
+# TODO audit ion ioctl usage by apps
+auditallow appdomain ion_device:chr_file ioctl;
# TODO: switch to meminfo service
allow appdomain proc_meminfo:file r_file_perms;
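Review bot: The added `auditallow appdomain ion_device:chr_file ioctl;` records every granted ion ioctl from every app domain without narrowing by command, and the `# TODO audit ion ioctl usage by apps` comment above it does not say what the data is for or when the rule should be removed. If ion sits on the buffer-allocation path, as seems likely, the volume of `avc: granted` records could trigger audit rate limiting and hide real denials. I would replace the TODO with something like `# Temporary: log granted ion ioctls to learn which commands apps need, so access can be restricted to those commands; remove once collected.` Both auditallow lines also drop `-isolated_app` while the `allow` line keeps it; since auditallow only logs access that some rule grants, a short comment should say whether isolated_app is expected to reach ion_device through another rule. The commit's test note reports no audit messages on boot, which suggests the new rule was not exercised, so it is worth confirming that it fires under normal app use.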