Add dontaudit statements to camera HAL policy.

The autogenerated dontaudit statements in tracking_denials are actually the correct policy. Move them to the correct file and add comments. Bug: 218585004 Test: build & camera check Change-Id: Ie0338f0d2a6fd0c589777a82c22a014e462bd5c2 (cherry picked from commit 26b2d2e33e)
2022-05-10 05:35:27 +00:00 · 2022-05-10 05:35:27 +00:00 · 2d44b5d5d0
commit 2d44b5d5d0
parent 0d81b693cf
2 changed files with 8 additions and 5 deletions
--- a/tracking_denials/hal_camera_default.te
+++ b/tracking_denials/hal_camera_default.te
@ -1,5 +0,0 @@
-# b/205780065
-dontaudit hal_camera_default system_data_file:dir { search };
-# b/218585004
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@ -91,3 +91,11 @@ allow hal_camera_default sysfs_leds:file r_file_perms;

 # Allow camera HAL to send trace packets to Perfetto
 userdebug_or_eng(`perfetto_producer(hal_camera_default)')
+
+# Some file searches attempt to access system data and are denied.
+# This is benign and can be ignored.
+dontaudit hal_camera_default system_data_file:dir { search };
+
+# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };