From 67896eef072e9e232a19475c594986d7dc9b913d Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Thu, 2 Apr 2020 13:36:17 +0200
Subject: [PATCH] Reduce graphics logspam
There is no change in behavior. These denials were already being blocked.
Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
---
 private/app.te | 2 ++
 private/bootanim.te | 3 +++
 private/surfaceflinger.te | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/private/app.te b/private/app.te
index 5590ca57b..a03bcb094 100644
--- a/private/app.te
+++ b/private/app.te
@@ -19,6 +19,8 @@ dontaudit appdomain storage_stub_file:dir getattr;
 # Attempting to do so will be blocked by both selinux and unix
 # permissions.
 dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
 neverallow appdomain system_server:udp_socket {
 accept append bind create ioctl listen lock name_bind
diff --git a/private/bootanim.te b/private/bootanim.te
index fd95e4173..41c9179e6 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -5,5 +5,8 @@ init_daemon_domain(bootanim)
 # b/68864350
 dontaudit bootanim unlabeled:dir search;
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
+
 # Read ro.boot.bootreason b/30654343
 get_prop(bootanim, bootloader_boot_reason_prop)
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 97203ba05..cf709df31 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -126,6 +126,9 @@ userdebug_or_eng(`
 unix_socket_send(surfaceflinger, statsdw, statsd)
 ')
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
 ###
 ### Neverallow rules
 ###
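Review bot: The comments added with these `dontaudit` rules do not say that the read is still denied and only its audit record is suppressed, nor which bug tracks the suppression; this applies to the app.te hunk and equally to the bootanim.te and surfaceflinger.te hunks. Going by its name, `vendor_default_prop` is the catch-all label for vendor properties, so a property a vendor left unlabeled would now fail to read in any `appdomain` process without an avc message, which makes that misconfiguration harder to diagnose. I would word the app.te comment as `# Apps should not be reading default vendor-defined properties; the read stays denied, this only silences the audit log. b/79617173`, following the `# b/68864350` style already present in bootanim.te. The same "default vendor-defined" wording should be used in all three files, since app.te currently says only "vendor-defined".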