From 9fe6aa97af4d094b1b00b21952857bc20cfd7ba2 Mon Sep 17 00:00:00 2001
From: Tri Vo
Date: Thu, 3 Mar 2022 13:15:59 -0800
Subject: [PATCH] Don't audit storageproxyd unlabeled access

Test: m sepolicy
Bug: 197502330
Change-Id: Ibe7292dc659dd454d3c842f6c48d2d90bc77117d
---
 whitechapel_pro/tee.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel_pro/tee.te b/whitechapel_pro/tee.te
index f93bf59e..58228b5a 100644
--- a/whitechapel_pro/tee.te
+++ b/whitechapel_pro/tee.te
@@ -11,3 +11,7 @@ allow tee sg_device:chr_file rw_file_perms;
 # Allow storageproxyd access to gsi_public_metadata_file
 read_fstab(tee)
+
+# storageproxyd starts before /data is mounted. It handles /data not being there
+# gracefully. However, attempts to access /data trigger a denial.
+dontaudit tee unlabeled:dir { search };
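Review bot: The added `dontaudit tee unlabeled:dir { search };` is not scoped to the pre-mount `/data` case its comment describes. It silences every `search` denial the `tee` domain hits on any `unlabeled` directory for the life of the process, so a real labeling problem later (for example a directory whose context became invalid) would no longer appear in the audit log. The access itself is still denied, and the comment should say so and record the wider scope, e.g. `# dontaudit only hides the log entry; the search is still denied. This also hides denials on any other unlabeled dir (Bug: 197502330).` It would also help to note that the rule can be removed once storageproxyd no longer probes /data before it is mounted. As a style point, the single permission can be written without braces: `dontaudit tee unlabeled:dir search;`.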