Suppressing boot time denial This denial is generated by whichever process first attempts to access the filesystem, triggering the kernel to go through module loading to find the correct crypto module to use to decrypt the FS. This dontaudit will suppress the denial until the underlying problem is fixed denied { module_request } for comm="BootAnimation" kmod="crypto-heh(aes)-all" scontext=u:r:bootanim:s0 tcontext=u:r:kernel:s0 tclass=system Bug: 37205419 Test: bootanim doesn't spawn a module_load denial Change-Id: Iceebe582cc6573ecea739494b424da99f1ce4a0e

commit: 6c71d0ced7eb676a0bbf2824a61d6c882901a1f2 [log] [tgz]
author: Max Bires <jbires@google.com> Tue Jan 30 10:27:39 2018 -0800
committer: Max Bires <jbires@google.com> Tue Jan 30 10:55:57 2018 -0800
tree: c3ea8855fa6df18f4fff3a482deb13df032a5868
parent: 93f1cb21383a5f10ceb08a0d48de0332b8b12f26 [diff]
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
index b5d00b9..4d229a6 100644
--- a/sepolicy/bootanim.te
+++ b/sepolicy/bootanim.te

@@ -3,3 +3,6 @@
 # in /data/system. This should be moved. In the meantime, suppress
 # this denial on Marlin since this functionality is not used.
 dontaudit bootanim system_data_file:dir read;
+
+# TODO(b/37205419): Remove upon resolution
+dontaudit bootanim kernel:system module_request;
commit	6c71d0ced7eb676a0bbf2824a61d6c882901a1f2	[log] [tgz]
author	Max Bires <jbires@google.com>	Tue Jan 30 10:27:39 2018 -0800
committer	Max Bires <jbires@google.com>	Tue Jan 30 10:55:57 2018 -0800
tree	c3ea8855fa6df18f4fff3a482deb13df032a5868
parent	93f1cb21383a5f10ceb08a0d48de0332b8b12f26 [diff]