Allow some denials we have seen.

am: 4398397246

Change-Id: I89ad576fcaf0be0362d00fcd9b4a00a49ce9a660

sepolicy/vendor/dnsmasq.te

@@ -0,0 +1 @@
+dontaudit dnsmasq kernel:system module_request;

sepolicy/vendor/hal_graphics_allocator_default.te

@@ -0,0 +1 @@
+dontaudit hal_graphics_allocator_default kernel:system module_request;

sepolicy/vendor/hal_graphics_composer_default.te

@@ -34,3 +34,5 @@ userdebug_or_eng(`
         allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
 ')
 dontaudit hal_graphics_composer_default diag_device:chr_file rw_file_perms;
+
+dontaudit hal_graphics_composer_default kernel:system module_request;

sepolicy/vendor/netmgrd.te

@@ -35,6 +35,7 @@ wakelock_use(netmgrd)
 
 #Allow netutils usage
 domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
+allow netmgrd netutils_wrapper:process sigkill;
 
 #Allow diag logging
 allow netmgrd sysfs_timestamp_switch:file { read open };

sepolicy/vendor/system_server.te

@@ -24,3 +24,5 @@ dontaudit system_server hal_audio_default:file write;
 dontaudit system_server appdomain:file write;
 
 set_prop(system_server, public_vendor_system_prop)
+
+dontaudit system_server self:capability sys_module;

sepolicy/vendor/wcnss_service.te

@@ -40,3 +40,5 @@ allow wcnss_service sysfs_soc:file r_file_perms;
 
 # request_firmware causes a denial for /firmware. It can be safely ignored
 dontaudit wcnss_service firmware_file:dir search;
+
+r_dir_file(wcnss_service, sysfs_net)