Hide sys_rawio SELinux denials.
We often see the following denials:
avc: denied { sys_rawio } for comm="update_engine" capability=17 scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0 tclass=capability permissive=0
avc: denied { sys_rawio } for comm="boot@1.0-servic" capability=17 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0
These are benign, so we are hiding them.
Bug: 37778617
Test: Boot device.
Change-Id: Iac196653933d79aa9cdeef7670076f0efc97b44a
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 8b240b1..181de4a 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -4,3 +4,5 @@
add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
+
+dontaudit hal_bootctl self:capability sys_rawio;
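Review bot: The added `dontaudit hal_bootctl self:capability sys_rawio;` line carries no comment saying why the sys_rawio denial is benign, so a later reader of hal_bootctl.te cannot tell a deliberate suppression from a masked missing permission. Add a short comment above the rule that states the reason and references the bug. The rule is also written against `hal_bootctl`, while the quoted denial has scontext `hal_bootctl_default`; consider whether it can be limited to `hal_bootctl_server` so the suppression covers no more domains than needed. The commit message quotes a second denial for `update_engine`, and nothing in this hunk names that domain, so the message should say whether this rule is expected to cover it or where it is handled.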