commit bbe79b3d57896c3ce974261efd94db6ff4738401
author Nick Kralevich <nnk@google.com> Thu Feb 09 12:03:46 2017 -0800
committer gitbuildkicker <android-build@google.com> Thu Feb 09 17:18:13 2017 -0800
tree 319155799294efae4b5bb7b4450dcde764e2e24d
parent ccb10adc6ddb585db7b78e452b4b8b2e9369f70f

Address auditallow spam from init

Init has access to a number of character devices inherited via
domain.te. Exclude those character devices from the auditallow
logging.

In addition, init has access to a number of character devices explicitly
listed in init.te. Exclude those from auditallow logging too.

Addresses various auditallow spam, including:

avc: granted { read open } for comm="init" path="/dev/urandom"
dev="tmpfs" ino=1197 scontext=u:r:init:s0
tcontext=u:object_r:random_device:s0 tclass=chr_file

avc: granted { read open } for comm="init" path="/dev/ptmx" dev="tmpfs"
ino=1294 scontext=u:r:init:s0 tcontext=u:object_r:ptmx_device:s0
tclass=chr_file

avc: granted { read } for comm="init" name="keychord" dev="tmpfs"
ino=1326 scontext=u:r:init:s0 tcontext=u:object_r:keychord_device:s0
tclass=chr_file

avc: granted { read open } for comm="init" path="/dev/keychord"
dev="tmpfs" ino=1326 scontext=u:r:init:s0
tcontext=u:object_r:keychord_device:s0 tclass=chr_file

and others not covered above.

Bug: 35197529
Bug: 33347297
Test: policy compiles and no auditallow denials.
Change-Id: Id869404a16c81c779943e9967eb32da226b6047e
(cherry picked from commit 8b63356bd383026d7e179e4398080a6e3448e73f)