Merge "dontaudit untrusted_app exec_type:file getattr" into mnc-dev

commit: b5dc766536088ff863e5178bf68b7564e47a3bb2 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed May 13 23:14:29 2015 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed May 13 23:14:30 2015 +0000
tree: 75aae031227069e0ecb261e24a1345b03377faba
parent: 3526a6696fdc2b7d3b7a8fe452ce8b287160c42b [diff]
parent: f6d12c6979128843a0bddee8de8f61f8ed1b646f [diff]
diff --git a/untrusted_app.te b/untrusted_app.te
index 7a9e2dd..4e783f1 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -111,6 +111,11 @@
   allow untrusted_app perfprofd_data_file:file r_file_perms;
   allow untrusted_app perfprofd_data_file:dir r_dir_perms;
 ')
+
+# Programs routinely attempt to scan through /system, looking
+# for files. Suppress the denials when they occur.
+dontaudit untrusted_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###
commit	b5dc766536088ff863e5178bf68b7564e47a3bb2	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed May 13 23:14:29 2015 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed May 13 23:14:30 2015 +0000
tree	75aae031227069e0ecb261e24a1345b03377faba
parent	3526a6696fdc2b7d3b7a8fe452ce8b287160c42b [diff]
parent	f6d12c6979128843a0bddee8de8f61f8ed1b646f [diff]