Adding intermittent taimen denials to bug_map and adding dontaudit

These intermittent denials are making it look like taimen boot tests are occasionally unhealthy due to untracked denials. This will remove the failing tests issue. Bug: 68705274 Test: these intermittent denials are now tracked or properly dontaudit'ed Change-Id: I342cff19d7bde73fee93fd8461c9c0680511e23c Merged-In: I342cff19d7bde73fee93fd8461c9c0680511e23c (cherry picked from commit 552978d27c)
2026-02-01 15:09:54 +00:00 · 2017-11-03 15:13:48 -07:00
parent 79c6875ae1
commit 8760ea13c8
2 changed files with 5 additions and 0 deletions
--- a/sepolicy/vendor/bug_map
+++ b/sepolicy/vendor/bug_map
@@ -3,3 +3,6 @@ zygote cgroup file 67860826
 shell ramdump_exec file 68002524
 system_server sysfs_msm_subsys dir 68003344
 surfaceflinger vendor_firmware_file dir 68213100
+surfaceflinger unlabeled dir 68864350
+hal_graphics_composer_default unlabeled dir 68864350
+bootanim unlabeled dir 68864350
--- a/sepolicy/vendor/netutils_wrapper.te
+++ b/sepolicy/vendor/netutils_wrapper.te
@@ -2,6 +2,8 @@
 allow netutils_wrapper netmgrd:fd use;
 allow netutils_wrapper netmgrd:fifo_file { getattr read write append };

+dontaudit netutils_wrapper netmgrd:socket { read write };
+dontaudit netutils_wrapper netmgrd:unix_stream_socket { read write };
 dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append };
 dontaudit netutils_wrapper kernel:system module_request;
 dontaudit netutils_wrapper self:capability sys_module;