From bedd866505fd49a20b5d81f8705d67184866fc6e Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Wed, 16 Mar 2022 14:08:09 +0800
Subject: [PATCH] reject mnt_vendor_file access in user ROM

Bug: 224429437
Test: android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I318f11866f7b9c6cc0b7ecf151f789f35ab290cd
---
 whitechapel_pro/hal_dumpstate_default.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te
index c9fd1ac0..0e4c34cf 100644
--- a/whitechapel_pro/hal_dumpstate_default.te
+++ b/whitechapel_pro/hal_dumpstate_default.te
@@ -111,6 +111,7 @@ userdebug_or_eng(`
 allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
 ')
+dontaudit hal_dumpstate_default mnt_vendor_file:dir search;
 dontaudit hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms;
 dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
 dontaudit hal_dumpstate_default debugfs:dir r_dir_perms;
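Review bot: The added `dontaudit hal_dumpstate_default mnt_vendor_file:dir search;` has no comment saying which dumpstate step triggers the search, and it sits after the closing `')` of the `userdebug_or_eng` block, so it silences the AVC record on every build type, not only user. A `dontaudit` rule does not reject anything: the access is already denied by the absence of an `allow`, and this line only removes the log entry, so any later unexpected traversal of `/mnt/vendor` by this HAL will also go unrecorded. I would add a line above it such as `# b/224429437: expected denial on user builds when dumpstate probes <path under /mnt/vendor>; no access is granted.` so the suppression can be audited later. If a matching `allow` exists for debug builds (none is visible in this hunk, and the `userdebug_or_eng` block starts outside it), it is worth naming in that comment as well.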