sepolicy: Adding dontaudit for qseecomd denials

This will silence AVC denials without allowing a permission by using dontaudit rules. Change-Id: Ib1fa29f29886e9d97b2b67fde12e3157648cf6cd
2020-06-21 20:12:56 +05:30 · 2020-06-21 20:12:56 +05:30 · 78a123a6ec
commit 78a123a6ec
parent 576f57cf1e
1 changed files with 2 additions and 0 deletions
--- a/qva/vendor/common/qseecomd.te
+++ b/qva/vendor/common/qseecomd.te
@ -38,6 +38,8 @@ allow tee graphics_device:dir r_dir_perms;
 allow tee graphics_device:chr_file r_file_perms;
 allow tee vendor_data_file:dir r_dir_perms;

+dontaudit tee rootfs:dir { read };
+
 wakelock_use(tee)
 r_dir_file(tee, firmware_file)
 allow tee vendor_qfp-daemon_data_file:dir create_dir_perms;