dontaudit untrusted_app exec_type:file getattr Programs routinely scan through /system, looking at the files there. Don't generate an SELinux denial when it happens. Bug: 21120228 Change-Id: I85367406e7ffbb3e24ddab6f97448704df990603

commit: f6d12c6979128843a0bddee8de8f61f8ed1b646f [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed May 13 16:06:34 2015 -0700
committer: Nick Kralevich <nnk@google.com> Wed May 13 16:06:34 2015 -0700
tree: e667de5fe614ab0fa9458da3c864a3813fc38962
parent: 415f0ba73c645c9b53ba701931d9ba041b967f75 [diff]
diff --git a/untrusted_app.te b/untrusted_app.te
index 7a9e2dd..4e783f1 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -111,6 +111,11 @@
   allow untrusted_app perfprofd_data_file:file r_file_perms;
   allow untrusted_app perfprofd_data_file:dir r_dir_perms;
 ')
+
+# Programs routinely attempt to scan through /system, looking
+# for files. Suppress the denials when they occur.
+dontaudit untrusted_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###
commit	f6d12c6979128843a0bddee8de8f61f8ed1b646f	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed May 13 16:06:34 2015 -0700
committer	Nick Kralevich <nnk@google.com>	Wed May 13 16:06:34 2015 -0700
tree	e667de5fe614ab0fa9458da3c864a3813fc38962
parent	415f0ba73c645c9b53ba701931d9ba041b967f75 [diff]