android: sepolicy: Add minigbm SELinux policies

Add default set of minigbm SELinux policies, to suppress
audit of minigbm reading vendor.minigbm.debug property,
for the devices which do not use this property.

Change-Id: I277a553e869b7a53a85ca70064c2eef110afeee2
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

3 files changed, 9 insertions, 0 deletions

diff --git a/cros_gralloc/sepolicy/cameraserver.te b/cros_gralloc/sepolicy/cameraserver.te
new file mode 100644
index 0000000..654c6bb
--- /dev/null
+++ b/cros_gralloc/sepolicy/cameraserver.te
@@ -0,0 +1,3 @@
+# Suppress warnings for minigbm trying to read vendor.minigbm.debug
+# property for the devices which do not use this property.
+dontaudit cameraserver vendor_default_prop:file read;
diff --git a/cros_gralloc/sepolicy/mediaswcodec.te b/cros_gralloc/sepolicy/mediaswcodec.te
new file mode 100644
index 0000000..a39fd73
--- /dev/null
+++ b/cros_gralloc/sepolicy/mediaswcodec.te
@@ -0,0 +1,3 @@
+# Suppress warnings for minigbm trying to read vendor.minigbm.debug
+# property for the devices which do not use this property.
+dontaudit mediaswcodec vendor_default_prop:file read;
diff --git a/cros_gralloc/sepolicy/system_server.te b/cros_gralloc/sepolicy/system_server.te
new file mode 100644
index 0000000..402dea6
--- /dev/null
+++ b/cros_gralloc/sepolicy/system_server.te
@@ -0,0 +1,3 @@
+# Suppress warnings for minigbm trying to read vendor.minigbm.debug
+# property for the devices which do not use this property.
+dontaudit system_server vendor_default_prop:file read;