Merge "Suppress denials for non-API access" am: ec4d4a5ed3

am: c25c474c2b Change-Id: I1d70c2b8ecdf21bdd9b19edb66d4ccb9e47e213e
2018-01-18 20:12:38 +00:00 · 2018-01-18 20:12:38 +00:00 · 98b70dcb04
commit 98b70dcb04
parent 38b224666f c25c474c2b
1 changed files with 4 additions and 1 deletions
--- a/private/priv_app.te
+++ b/private/priv_app.te
@ -122,11 +122,14 @@ allow priv_app traced:fd use;
 allow priv_app traced_tmpfs:file { read write getattr map };
 unix_socket_connect(priv_app, traced_producer, traced)

-# suppress denials when safetynet scans /system
+# suppress denials for non-API accesses.
 dontaudit priv_app exec_type:file getattr;
 dontaudit priv_app device:dir read;
 dontaudit priv_app proc_interrupts:file read;
 dontaudit priv_app proc_modules:file read;
+dontaudit priv_app proc_version:file read;
+dontaudit priv_app wifi_prop:file read;
+dontaudit priv_app net_dns_prop:file read;

 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect