From c87484936fd4cfba53652ad13ff59fbf56282316 Mon Sep 17 00:00:00 2001 From: Nolen Johnson Date: Wed, 24 Apr 2024 21:48:11 -0400 Subject: [PATCH] exynos9610: sepolicy: Don't audit useless dir searches Change-Id: I6cf989e37ff220bd6904ac22372d403b11ad0c7b --- sepolicy/vendor/gpsd.te | 2 +- sepolicy/vendor/hal_gnss_default.te | 2 ++ sepolicy/vendor/vendor_ims_app.te | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sepolicy/vendor/gpsd.te b/sepolicy/vendor/gpsd.te index c92c0ee..5be0be8 100644 --- a/sepolicy/vendor/gpsd.te +++ b/sepolicy/vendor/gpsd.te @@ -1,6 +1,6 @@ allow gpsd gnss_device:chr_file rw_file_perms; -allow gpsd system_data_file:dir search; +dontaudit gpsd system_data_file:dir search; allow gpsd gps_vendor_data_file:dir create_dir_perms; allow gpsd gps_vendor_data_file:file create_file_perms; diff --git a/sepolicy/vendor/hal_gnss_default.te b/sepolicy/vendor/hal_gnss_default.te index 6106c89..8e31e09 100644 --- a/sepolicy/vendor/hal_gnss_default.te +++ b/sepolicy/vendor/hal_gnss_default.te @@ -1 +1,3 @@ +dontaudit hal_gnss_default system_data_file:dir search; + allow hal_gnss_default gpsd:unix_stream_socket connectto; diff --git a/sepolicy/vendor/vendor_ims_app.te b/sepolicy/vendor/vendor_ims_app.te index 5978752..40d8b29 100644 --- a/sepolicy/vendor/vendor_ims_app.te +++ b/sepolicy/vendor/vendor_ims_app.te @@ -13,8 +13,8 @@ allow vendor_ims_app audioserver_service:service_manager find; allow vendor_ims_app radio_data_file:dir rw_dir_perms; allow vendor_ims_app radio_data_file:file create_file_perms; -allow vendor_ims_app system_data_file:dir search; -allow vendor_ims_app user_profile_root_file:dir search; +dontaudit vendor_ims_app system_data_file:dir search; +dontaudit vendor_ims_app user_profile_root_file:dir r_dir_perms;; allow vendor_ims_app misc_vendor_data_file:dir create_dir_perms; allow vendor_ims_app misc_vendor_data_file:file create_file_perms; -- 2.20.1