Ignore access to /proc/zoneinfo for apps Similarly to /proc/vmstat, apps are not allowed to access this file. Ignore the audit message, as this is the most reported denial in our droidfood population. Test: m selinux_policy Change-Id: I88ed1aa1bfad33b462d971e739ca65791cb0227b

commit: d601699002488996b424254a1ed2bf96271928a9 [log] [tgz]
author: Thiébaud Weksteen <tweek@google.com> Wed Oct 26 15:35:49 2022 +1100
committer: Thiébaud Weksteen <tweek@google.com> Wed Oct 26 19:44:27 2022 +1100
tree: daf743c0e3d1fa5039b121f365070de1ad81e06e
parent: 3002f1afe2c81a1bb9bd74fccda2eaebc12aef3a [diff]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 26077f3..f3cc07f 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -153,9 +153,12 @@
 
 # These have been disallowed since Android O.
 # For P, we assume that apps are safely handling the denial.
-dontaudit untrusted_app_all proc_stat:file read;
-dontaudit untrusted_app_all proc_vmstat:file read;
-dontaudit untrusted_app_all proc_uptime:file read;
+dontaudit untrusted_app_all {
+  proc_stat
+  proc_uptime
+  proc_vmstat
+  proc_zoneinfo
+}:file read;
 
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
commit	d601699002488996b424254a1ed2bf96271928a9	[log] [tgz]
author	Thiébaud Weksteen <tweek@google.com>	Wed Oct 26 15:35:49 2022 +1100
committer	Thiébaud Weksteen <tweek@google.com>	Wed Oct 26 19:44:27 2022 +1100
tree	daf743c0e3d1fa5039b121f365070de1ad81e06e
parent	3002f1afe2c81a1bb9bd74fccda2eaebc12aef3a [diff]