Hide some denials. These denials occur fairly often, causing some logspam. Bug: 77225170 Test: Boot device. Merged-In: Icd73a992aee44007d0873743f706758f9a19a112 Change-Id: Icd73a992aee44007d0873743f706758f9a19a112 (cherry picked from commit a66d1a4543fc6d43fe2e798bb81347d1097227cf)

commit: d93ef542bafec5953ed8ed7f4fb040e75c86a522 [log] [tgz]
author: Joel Galenson <jgalenson@google.com> Mon Mar 26 16:37:42 2018 -0700
committer: Joel Galenson <jgalenson@google.com> Wed Mar 28 15:17:02 2018 -0700
tree: 3858377298bab3e3db78397a04f147f6c2ef244e
parent: c22f97119522920a7ce48e01d52d39b3ae39bd8f [diff]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 5918f63..5d0461d 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -124,3 +124,12 @@
 # allow untrusted apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
 allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom sendto write };
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;
commit	d93ef542bafec5953ed8ed7f4fb040e75c86a522	[log] [tgz]
author	Joel Galenson <jgalenson@google.com>	Mon Mar 26 16:37:42 2018 -0700
committer	Joel Galenson <jgalenson@google.com>	Wed Mar 28 15:17:02 2018 -0700
tree	3858377298bab3e3db78397a04f147f6c2ef244e
parent	c22f97119522920a7ce48e01d52d39b3ae39bd8f [diff]