From 0b77875c4a7a9e2f8430f35e7ef3c316d91a7d3d Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Wed, 21 Jun 2023 15:26:38 +0800
Subject: [PATCH] Supress kernel avc log before SELinux initialized

Bug: 288049349
Fix: 288049229
Change-Id: I5087a77e65ecdbaa868a7257342f5d99f424880a
---
 bug_map                  | 1 -
 tracking_denials/bug_map | 4 ----
 vendor/kernel.te         | 5 +++++
 3 files changed, 5 insertions(+), 5 deletions(-)
 delete mode 100644 bug_map

diff --git a/bug_map b/bug_map
deleted file mode 100644
index c15cd11f..00000000
--- a/bug_map
+++ /dev/null
@@ -1 +0,0 @@
-vendor_init device_config_configuration_prop property_service b/267843409
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index c4cb85e6..4e2249d5 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -6,10 +6,6 @@ incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
 insmod-sh insmod-sh key b/274374722
 insmod-sh vendor_regmap_debugfs dir b/274727542
-kernel sepolicy_file file b/288049229
-kernel system_bootstrap_lib_file dir b/288049229
-kernel system_bootstrap_lib_file file b/288049349
-kernel system_dlkm_file dir b/288049229
 kernel vendor_fw_file dir b/288049349
 mtectrl unlabeled dir b/264483752
 systemui_app wm_trace_data_file dir b/288049075
diff --git a/vendor/kernel.te b/vendor/kernel.te
index f5030b1b..c6515c76 100644
--- a/vendor/kernel.te
+++ b/vendor/kernel.te
@@ -13,4 +13,9 @@ no_debugfs_restriction(`
 ')
 
 dontaudit kernel vendor_maxfg_debugfs:dir search;
+dontaudit kernel sepolicy_file:file getattr;
+dontaudit kernel system_bootstrap_lib_file:dir getattr;
+dontaudit kernel system_bootstrap_lib_file:file getattr;
+dontaudit kernel system_dlkm_file:dir getattr;
+
 allow kernel vendor_regmap_debugfs:dir search;