From e2156d071e49d9aeb5dabe9b10b4a2f833d476dd Mon Sep 17 00:00:00 2001 From: Victor Hsieh Date: Tue, 22 Feb 2022 23:05:06 +0000 Subject: [PATCH] Dontaudit property access by odrefresh in the VM Bug: 210030607 Test: composd_cmd test-compile, no more denials in vm.log Change-Id: I728398f812680354b813d03e0d23eecca330c47e --- microdroid/system/private/odrefresh.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/microdroid/system/private/odrefresh.te b/microdroid/system/private/odrefresh.te index d8b4392ea..be11b697c 100644 --- a/microdroid/system/private/odrefresh.te +++ b/microdroid/system/private/odrefresh.te @@ -30,3 +30,8 @@ allow odrefresh compos:fifo_file read; # (unless specified otherwise). Without allowing the use, the execution will # fail immediately. See b/210909688. allow odrefresh compos:fd use; + +# Silently ignore the access to properties. Unlike on Android, parameters +# should be passed from command line to avoid global state. +dontaudit odrefresh property_socket:sock_file write; +dontaudit odrefresh dalvik_config_prop:file read;