Don't audit search of /system/data/file in hal_drm Reduce the audit log spam caused by the anti-root check from widewine process. Bug: 393637335 Bug: 402971913 Change-Id: Icb37a1f012876d3f45723b040db5ba091ba58d97

commit: e176886ce0fffb440e437b2b5acc7eedfb9db1f6 [log] [tgz]
author: Kyle Zhang <kelzhan@google.com> Fri Mar 14 17:04:38 2025 -0700
committer: Kyle Zhang <kelzhan@google.com> Fri Mar 14 17:04:38 2025 -0700
tree: 122a019fb6fa49738656248ea4d6dd136fe0cf46
parent: adc158d8f3fb89a167084ee2ec0644aba3415c5e [diff] [blame]
diff --git a/private/hal_drm.te b/private/hal_drm.te
index e40252f..9044691 100644
--- a/private/hal_drm.te
+++ b/private/hal_drm.te

@@ -48,8 +48,9 @@
 
 allow hal_drm_server { appdomain -isolated_app }:fd use;
 
-# Reduce the audit log spam caused by the Rikers anti-root check (b/401297280)
+# Reduce the audit log spam caused by the Rikers anti-root check (b/393637335)
 dontaudit hal_drm system_userdir_file:dir search;
+dontaudit hal_drm system_data_file:dir search;
 
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
commit	e176886ce0fffb440e437b2b5acc7eedfb9db1f6	[log] [tgz]
author	Kyle Zhang <kelzhan@google.com>	Fri Mar 14 17:04:38 2025 -0700
committer	Kyle Zhang <kelzhan@google.com>	Fri Mar 14 17:04:38 2025 -0700
tree	122a019fb6fa49738656248ea4d6dd136fe0cf46
parent	adc158d8f3fb89a167084ee2ec0644aba3415c5e [diff] [blame]