Don't audit storageproxyd unlabeled access

Test: m sepolicy Bug: 197502330 Change-Id: Ibe7292dc659dd454d3c842f6c48d2d90bc77117d
2022-03-03 13:15:59 -08:00 · 2022-03-03 13:15:59 -08:00 · 9fe6aa97af
commit 9fe6aa97af
parent 9ba4c9120d
1 changed files with 4 additions and 0 deletions
--- a/whitechapel_pro/tee.te
+++ b/whitechapel_pro/tee.te
@ -11,3 +11,7 @@ allow tee sg_device:chr_file rw_file_perms;

 # Allow storageproxyd access to gsi_public_metadata_file
 read_fstab(tee)
+
+# storageproxyd starts before /data is mounted. It handles /data not being there
+# gracefully. However, attempts to access /data trigger a denial.
+dontaudit tee unlabeled:dir { search };