Merge "gmscore_app: suppress denials for system_data_file" am: e8419e5832 am: aa9d7ceaf0

Change-Id: I93d1b5e0065728f4dcceb1431342c918be55c1ea
2019-12-13 10:17:10 +00:00 · 2019-12-13 10:17:10 +00:00 · f6f0501747
commit f6f0501747
parent 2f4c6dfc35 aa9d7ceaf0
2 changed files with 7 additions and 0 deletions
--- a/private/bug_map
+++ b/private/bug_map
@ -2,6 +2,7 @@ bluetooth storage_stub_file dir b/145267097
 dnsmasq netd fifo_file b/77868789
 dnsmasq netd unix_stream_socket b/77868789
 gmscore_app storage_stub_file dir b/145267097
+gmscore_app system_data_file dir b/146166941
 init app_data_file file b/77873135
 init cache_file blk_file b/77873135
 init logpersist file b/77873135
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@ -64,6 +64,12 @@ dontaudit gmscore_app sysfs_loop:file r_file_perms;
 dontaudit gmscore_app wifi_prop:file r_file_perms;
 dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;

+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
+# denial to prevent apps from spamming the logs.
+dontaudit gmscore_app system_data_file:dir write;
+
 # Access the network
 net_domain(gmscore_app)