Merge "system_app: suppress denials for disallowed services"

commit: fce64b06ccb5d2a49b82098278024a27df827d66 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Fri Oct 13 22:48:17 2017 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Oct 13 22:48:17 2017 +0000
tree: 41a217502ae5406dbe6f342ccdf4ba4a563424d0
parent: 49bb11875a89e78733269c1f34e8a509d67bd702 [diff]
parent: 2d32d81d5a07b00dd5fa0171f82350ddf636221b [diff]
diff --git a/private/system_app.te b/private/system_app.te
index 904b851..0381c4f 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -67,6 +67,15 @@
   -vold_service
   -vr_hwc_service
 }:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+  dumpstate_service
+  installd_service
+  netd_service
+  virtual_touchpad_service
+  vold_service
+  vr_hwc_service
+}:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
commit	fce64b06ccb5d2a49b82098278024a27df827d66	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Fri Oct 13 22:48:17 2017 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Oct 13 22:48:17 2017 +0000
tree	41a217502ae5406dbe6f342ccdf4ba4a563424d0
parent	49bb11875a89e78733269c1f34e8a509d67bd702 [diff]
parent	2d32d81d5a07b00dd5fa0171f82350ddf636221b [diff]