From bd247bc88a01423967e6ddac5a677c3823b94b5e Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 30 Mar 2021 12:05:46 +0200
Subject: [PATCH] crash_dump: supress denials for files in /proc

Crash_dump may not have access to files in /proc that are passed
across exec(). Rather than let these cause test failures, suppress
them.

Fixes: 183575981
Test: build
Change-Id: I285dc84ef8a43a8f5a34538143c6506c70540b03
---
 public/crash_dump.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/crash_dump.te b/public/crash_dump.te
index c512b45f8..a6f0a9470 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -65,6 +65,10 @@ dontaudit crash_dump {
 dontaudit crash_dump system_data_file:{ lnk_file file } read;
 dontaudit crash_dump property_type:file read;
 
+# Suppress denials for files in /proc that are passed
+# across exec().
+dontaudit crash_dump proc_type:file rw_file_perms;
+
 ###
 ### neverallow assertions
 ###