gmscore_app: suppress denials for system_data_file
This denial is generally a sign that apps are attempting to access
encrypted storage before the ACTION_USER_UNLOCKED intent is delivered.
Suppress this denial to prevent logspam.
While gmscore_app is running in permissive mode, there might be other
denials for related actions (that won't show up in enforcing mode after
the first action is denied). This change adds a bug_map entry to track
those denials and prevent presubmit flakes.
Bug: 142672293
Test: Happy builds
Change-Id: Id2f8f8ff5cde40e74be24daa0b1100b91a7a4dbb
diff --git a/private/bug_map b/private/bug_map
index 01b6b16..076aeba 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -2,6 +2,7 @@
dnsmasq netd fifo_file b/77868789
dnsmasq netd unix_stream_socket b/77868789
gmscore_app storage_stub_file dir b/145267097
+gmscore_app system_data_file dir b/146166941
init app_data_file file b/77873135
init cache_file blk_file b/77873135
init logpersist file b/77873135
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index ec98717..588156f 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -64,6 +64,12 @@
dontaudit gmscore_app wifi_prop:file r_file_perms;
dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
+# denial to prevent apps from spamming the logs.
+dontaudit gmscore_app system_data_file:dir write;
+
# Access the network
net_domain(gmscore_app)