Dontaudit denials caused by race with labeling. These denials seem to be caused by a race with the process that labels the files. While we work on fixing them, hide the denials. Bug: 68864350 Bug: 70180742 Test: Built policy. Change-Id: I58a32e38e6384ca55e865e9575dcfe7c46b2ed3c

commit: f7ec413844ad691c0c4863de4cc7a0719b12dc8e [log] [tgz]
author: Joel Galenson <jgalenson@google.com> Wed Feb 14 16:32:28 2018 -0800
committer: Joel Galenson <jgalenson@google.com> Wed Feb 14 17:07:13 2018 -0800
tree: 230bd08c1d45d230a7e74af50b20da89c0172f75
parent: 946b4b76f02563c609bb27cad79738a168eb04d4 [diff] [blame]
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 694bb2f..e64b8de 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -115,3 +115,6 @@
 # Do not allow accessing SDcard files as unsafe ejection could
 # cause the kernel to kill the process.
 neverallow surfaceflinger sdcard_type:file rw_file_perms;
+
+# b/68864350
+dontaudit surfaceflinger unlabeled:dir search;
commit	f7ec413844ad691c0c4863de4cc7a0719b12dc8e	[log] [tgz]
author	Joel Galenson <jgalenson@google.com>	Wed Feb 14 16:32:28 2018 -0800
committer	Joel Galenson <jgalenson@google.com>	Wed Feb 14 17:07:13 2018 -0800
tree	230bd08c1d45d230a7e74af50b20da89c0172f75
parent	946b4b76f02563c609bb27cad79738a168eb04d4 [diff] [blame]