From b9d8296f0e2e82b2ec1a576e34d967160e7edc35 Mon Sep 17 00:00:00 2001
From: drkphnx
Date: Sat, 11 Jun 2022 10:35:23 +0530
Subject: [PATCH] sdm660-common: sepolicy: address or dontaudit some untrusted_app denials

Signed-off-by: drkphnx
Signed-off-by: pix106
---
 sepolicy/vendor/untrusted_app.te | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/sepolicy/vendor/untrusted_app.te b/sepolicy/vendor/untrusted_app.te
index 567421cf..a9815316 100644
--- a/sepolicy/vendor/untrusted_app.te
+++ b/sepolicy/vendor/untrusted_app.te
@@ -3,3 +3,31 @@ allow untrusted_app_25 zygote:unix_stream_socket getopt;
 allow untrusted_app_27 zygote:unix_stream_socket getopt;
 allow untrusted_app_29 zygote:unix_stream_socket getopt;
 allow untrusted_app_30 zygote:unix_stream_socket getopt;
+
+# dontaudit
+dontaudit untrusted_app proc_zoneinfo: file { read };
+dontaudit untrusted_app system_lib_file:file { execmod };
+dontaudit untrusted_app proc_version:file { read };
+dontaudit untrusted_app proc_net_tcp_udp:file { read };
+dontaudit untrusted_app selinuxfs:file { read };
+dontaudit untrusted_app serialno_prop:file { read };
+dontaudit untrusted_app app_data_file:file { execute execute_no_trans };
+dontaudit untrusted_app mnt_vendor_file:dir { search };
+dontaudit untrusted_app proc:file { read };
+dontaudit untrusted_app proc:file { open };
+dontaudit untrusted_app proc_net_tcp_udp:file { open };
+dontaudit untrusted_app proc_version:file { read };
+
+allow untrusted_app rootfs:dir { read };
+
+allow untrusted_app proc_kmsg:file { getattr };
+allow untrusted_app proc_keys:file { getattr };
+allow untrusted_app proc_swaps:file { getattr };
+allow untrusted_app proc_modules:file { read };
+
+get_prop(untrusted_app, wifi_hal_prop)
+
+allow untrusted_app rootfs:dir { open };
+allow untrusted_app sysfs:dir { read };
+
+allow untrusted_app block_device:dir { search };
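Review bot: The `allow` rules at the end of this hunk widen the sandbox of every third-party app instead of just silencing log noise: `proc_modules:file { read }`, `sysfs:dir { read }`, `block_device:dir { search }`, `rootfs:dir { read }`/`{ open }` and `get_prop(untrusted_app, wifi_hal_prop)` give `untrusted_app` visibility into kernel and device state that the base policy denied. Unless a named app is known to break without them, these are better denied quietly, e.g. `dontaudit untrusted_app proc_modules:file { read };` and `dontaudit untrusted_app block_device:dir { search };`. They may also conflict with the platform's neverallow checks for untrusted apps, which is worth confirming with a full policy build. Going the other way, the `dontaudit` rules on `app_data_file:file { execute execute_no_trans }` and `system_lib_file:file { execmod }` suppress denials that are a useful signal of an app executing code from its data directory or modifying library text, so I would leave those two audited. Separately, `dontaudit untrusted_app proc_version:file { read };` is listed twice, and the two `proc:file` lines can be merged into `{ read open }`.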