From fcc3c266e62889b2cd6071695f4a16f28e2825e9 Mon Sep 17 00:00:00 2001
From: Mason Wang
Date: Tue, 3 Jan 2023 16:05:31 +0800
Subject: [PATCH] Suppress avc denials of sysfs [DO NOT MERGE]
Bug: 263548298
Test: TreeHugger build.
Signed-off-by: Mason Wang
Change-Id: Ic5545995b5dc38e4b5fecd70dabf5bcd6de2368d
---
 cheetah-sepolicy.mk | 2 +-
 cloudripper-sepolicy.mk | 2 +-
 panther-sepolicy.mk | 1 +
 ravenclaw-sepolicy.mk | 1 +
 tracking_denials/hal_dumpstate_default.te | 2 ++
 5 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 tracking_denials/hal_dumpstate_default.te
diff --git a/cheetah-sepolicy.mk b/cheetah-sepolicy.mk
index 650b3af..3c342fa 100644
--- a/cheetah-sepolicy.mk
+++ b/cheetah-sepolicy.mk
@@ -1,3 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cheetah
-
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/cloudripper-sepolicy.mk b/cloudripper-sepolicy.mk
index 98a403c..ae2ac7f 100644
--- a/cloudripper-sepolicy.mk
+++ b/cloudripper-sepolicy.mk
@@ -1,3 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cloudripper
-
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/panther-sepolicy.mk b/panther-sepolicy.mk
index bdfe7db..4168459 100644
--- a/panther-sepolicy.mk
+++ b/panther-sepolicy.mk
@@ -1,2 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/panther
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
diff --git a/ravenclaw-sepolicy.mk b/ravenclaw-sepolicy.mk
index d41bbae..acc1bd3 100644
--- a/ravenclaw-sepolicy.mk
+++ b/ravenclaw-sepolicy.mk
@@ -1,2 +1,3 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/ravenclaw
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials
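Review bot: The added `BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/tracking_denials` line in cheetah-sepolicy.mk sits under the existing comment about sepolicy shared among whitechapel devices, which does not describe it. The identical additions in cloudripper-sepolicy.mk, panther-sepolicy.mk and ravenclaw-sepolicy.mk have the same gap. A directory of dontaudit rules changes what reaches the audit log on every device that includes it, so it deserves its own comment above the line, for example `# Temporary dontaudit rules, one tracking bug per rule; drop each rule when its bug is fixed`. The include is unconditional in all four files, so if the suppression is meant only for some build variants, that should be stated or guarded here.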
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 0000000..2a33551
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+# b/263548298
+dontaudit hal_dumpstate_default sysfs:dir { read };
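Review bot: The rule `dontaudit hal_dumpstate_default sysfs:dir { read };` targets the generic `sysfs` type, so it silences every directory-read denial from this domain on any node labelled `sysfs`, not only the one behind b/263548298. The access is still denied, but later denials of the same kind will no longer appear in the audit log, which removes a signal that policy review and triage depend on. The comment should name the sysfs path that triggered the denial and mark the rule as temporary, for example `# b/263548298: temporary; <sysfs path from the avc log> needs a dedicated type`. The longer-term fix is presumably to give that node its own type and write the allow or dontaudit against that type only.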