Ignore access from system_app to sysfs_zram avc: denied { search } for name="zram0" dev="sysfs" ino=59188 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0 Bug: 227231787 Test: build policy Change-Id: I3c53784ef5ea85a95e1e517007df2814803b3271

commit: bcc7cc1606fbf57588a71bf38300b9b45d4219db [log] [tgz]
author: Thiébaud Weksteen <tweek@google.com> Thu May 19 14:38:50 2022 +1000
committer: Thiébaud Weksteen <tweek@google.com> Thu May 19 14:38:50 2022 +1000
tree: eedeb4e56e47c10db97bd69d8e62fba887ce5517
parent: ce2b6da673afecfc52d0acc9e967bcf460335972 [diff]
diff --git a/private/system_app.te b/private/system_app.te
index 01956f4..202ef13 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -113,6 +113,9 @@
 # suppress denials caused by debugfs_tracing
 dontaudit system_app debugfs_tracing:file rw_file_perms;
 
+# Ignore access to zram when Debug.getMemInfo is called.
+dontaudit system_app sysfs_zram:dir search;
+
 allow system_app keystore:keystore_key {
     get_state
     get
commit	bcc7cc1606fbf57588a71bf38300b9b45d4219db	[log] [tgz]
author	Thiébaud Weksteen <tweek@google.com>	Thu May 19 14:38:50 2022 +1000
committer	Thiébaud Weksteen <tweek@google.com>	Thu May 19 14:38:50 2022 +1000
tree	eedeb4e56e47c10db97bd69d8e62fba887ce5517
parent	ce2b6da673afecfc52d0acc9e967bcf460335972 [diff]