display: dontaudit various domains for read/search sysfs_msm_subsys am: d2029e9577

Change-Id: I6e7372a690dc6e919446e66b0b2ec622a0901ad1

sepolicy/vendor/app.te

@@ -1,2 +1,5 @@
 # For the camera app
 get_prop(appdomain, camera_prop)
+
+dontaudit appdomain sysfs_msm_subsys:dir search;
+dontaudit appdomain sysfs_msm_subsys:file r_file_perms;

sepolicy/vendor/bootanim.te

@@ -8,3 +8,6 @@ dontaudit bootanim system_data_file:dir read;
 
 # TODO(b/37205419): Remove upon resolution
 dontaudit bootanim kernel:system module_request;
+
+dontaudit bootanim sysfs_msm_subsys:dir search;
+dontaudit bootanim sysfs_msm_subsys:file r_file_perms;

sepolicy/vendor/cameraserver.te

@@ -8,4 +8,7 @@ allow cameraserver sysfs_camera:dir search;
 
 allow cameraserver system_server:unix_stream_socket { read write };
 
+dontaudit cameraserver sysfs_msm_subsys:dir search;
+dontaudit cameraserver sysfs_msm_subsys:file r_file_perms;
+
 binder_call(cameraserver, mediacodec)

sepolicy/vendor/hal_graphics_allocator_default.te

@@ -1 +1,4 @@
 dontaudit hal_graphics_allocator_default kernel:system module_request;
+
+dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search;
+dontaudit hal_graphics_allocator_default sysfs_msm_subsys:file r_file_perms;

sepolicy/vendor/surfaceflinger.te

@@ -5,3 +5,6 @@ allow surfaceflinger debugfs_ion:dir search;
 
 typeattribute surfaceflinger system_writes_vendor_properties_violators;
 set_prop(surfaceflinger, public_vendor_system_prop)
+
+dontaudit surfaceflinger sysfs_msm_subsys:dir search;
+dontaudit surfaceflinger sysfs_msm_subsys:file r_file_perms;

sepolicy/vendor/system_server.te

@@ -23,3 +23,6 @@ typeattribute system_server system_writes_vendor_properties_violators;
 set_prop(system_server, public_vendor_system_prop)
 
 dontaudit system_server self:capability sys_module;
+
+dontaudit system_server sysfs_msm_subsys:dir search;
+dontaudit system_server sysfs_msm_subsys:file r_file_perms;