sepolicy: dontaudit getattr access to graphics_device
cherry-picked from upstream device/linaro/dragonboard project.
dmesg and logcat is filled with selinux denials
related to getting access to graphics device
attributes.
From bootanimation to all the way up to video
playback, all display/graphics related apps/services
seem to need access to graphics device attributes.
Although the denials are non-fatal but it is good
to get rid of the denial messages.
Change-Id: Ic65364c08b5de8aab8b22997ab5215304a4782ac
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Amit Pundir <pundiramit@gmail.com>
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
index e7e11c3..3123f6b 100644
--- a/sepolicy/te_macros
+++ b/sepolicy/te_macros
@@ -5,5 +5,5 @@
allow $1 dri_device:dir { open read search };
allow $1 sysfs_gpu:dir search;
allow $1 sysfs_gpu:file { getattr open read };
-allow $1 graphics_device:chr_file getattr;
+dontaudit $1 graphics_device:chr_file getattr;
')