redbull: sepolicy: Don't audit hal_gnss_qti reading xtra-daemon control property

Silences the following SELinux denial: [ 13.227324] type=1400 audit(1696156342.168:13): avc: denied { read } for comm="Loc_hal_worker" name="u:object_r:xtra_control_prop:s0" dev="tmpfs" ino=15652 scontext=u:r:hal_gnss_qti:s0 tcontext=u:object_r:xtra_control_prop:s0 tclass=file permissive=0 Reason for silence instead of allow: Refer to comments on https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/367498 Change-Id: I13bae97a1d555c4c489f4856f554c1d04f29ebd0
author: Yumi Yukimura <me.cafebabe@gmail.com> 2024-02-17 20:52:21 +0800
committer: Michael Bestas <mkbestas@lineageos.org> 2024-12-23 19:59:13 +0200
commit: d2cb42a2fc5250958408825fa7523bc2405423a9 (patch)
tree: 1e969a2972750cfb4fe3af4a370c48dfb53dfe1a
parent: 25647717f47c03dfbb94c1b183c6d32c99f76f22 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/vendor/qcom/common/hal_gnss_qti.te b/sepolicy/vendor/qcom/common/hal_gnss_qti.te
index d3186612..80feb8bf 100644
--- a/sepolicy/vendor/qcom/common/hal_gnss_qti.te
+++ b/sepolicy/vendor/qcom/common/hal_gnss_qti.te
@@ -20,3 +20,6 @@ allow hal_gnss_qti vendor_per_mgr_service:service_manager find;
 
 allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
 allow hal_gnss_qti location_data_file:dir r_dir_perms;
+
+# xtra-daemon control
+dontaudit hal_gnss_qti xtra_control_prop:file read;
author	Yumi Yukimura <me.cafebabe@gmail.com>	2024-02-17 20:52:21 +0800
committer	Michael Bestas <mkbestas@lineageos.org>	2024-12-23 19:59:13 +0200
commit	d2cb42a2fc5250958408825fa7523bc2405423a9 (patch)
tree	1e969a2972750cfb4fe3af4a370c48dfb53dfe1a
parent	25647717f47c03dfbb94c1b183c6d32c99f76f22 (diff)