dontaudit user_profile_foreign_dex_data_file open, read. To avoid audit messages that arise because there is no way to create a file without also trying to open and read it. Bug: 28241500 Change-Id: Id1daaf190b36eda9775e00701cd7241991f65a2a

commit: dfa29865722c33fb4b855e0ff82dc58b85769e79 [log] [tgz]
author: Richard Uhler <ruhler@google.com> Tue May 10 13:59:19 2016 -0700
committer: Richard Uhler <ruhler@google.com> Tue May 10 15:25:35 2016 -0700
tree: 03c619b79e7ecf18be384072a5130ad09164c797
parent: 39cfed0b23c542cf4b95e0e2835c1886914f88ce [diff]
diff --git a/app.te b/app.te
index 56cecb5..f2adf37 100644
--- a/app.te
+++ b/app.te

@@ -127,6 +127,10 @@
 # Profiles for foreign dex files are just markers and only need create permissions.
 allow appdomain user_profile_foreign_dex_data_file:dir { search write add_name };
 allow appdomain user_profile_foreign_dex_data_file:file create;
+# There is no way to create user_profile_foreign_dex_data_file without
+# generating open/read denials. These permissions should not be granted and the
+# denial is harmless. dontaudit to suppress the denial.
+dontaudit appdomain user_profile_foreign_dex_data_file:file { open read };
 
 # Send heap dumps to system_server via an already open file descriptor
 # % adb shell am set-watch-heap com.android.systemui 1048576
commit	dfa29865722c33fb4b855e0ff82dc58b85769e79	[log] [tgz]
author	Richard Uhler <ruhler@google.com>	Tue May 10 13:59:19 2016 -0700
committer	Richard Uhler <ruhler@google.com>	Tue May 10 15:25:35 2016 -0700
tree	03c619b79e7ecf18be384072a5130ad09164c797
parent	39cfed0b23c542cf4b95e0e2835c1886914f88ce [diff]