From 355e1c648a0aac3239a4c7e94a1ff5b3ead1e35f Mon Sep 17 00:00:00 2001
From: rsuntk
Date: Sat, 9 Aug 2025 23:13:38 +0700
Subject: [PATCH] kernel: selinux: dontaudit * su dir getattr

* Likely a detection point for newer android.
* I am not sure about this, but a module try to address this: https://github.com/aviraxp/ZN-AuditPatch
* Need more testing.

Suggested-by: fatalcoder524 <11532648+fatalcoder524@users.noreply.github.com>
Tested-by: rsuntk
Signed-off-by: rsuntk
---
 kernel/selinux/rules.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index 920fecc9..fe82f020 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -122,6 +122,9 @@ void apply_kernelsu_rules()
 ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
 ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
 
+ // https://android-review.googlesource.com/c/platform/system/logging/+/3725346
+ ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");
+
 rcu_read_unlock();
 }
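Review bot: The added `ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");` is documented only by a bare URL, so the file does not say that the rule presumably changes logging rather than access: the getattr would still be denied, it just stops producing an avc record. With `ALL` as the source the suppression applies to every domain, which also removes those denials from the audit trail used for policy debugging and for investigating what touched the su domain; if the denial is known to come from one source type, naming it instead of `ALL` would keep the rest visible. I would state the intent above the link, e.g. `// dontaudit only silences the avc denial record; dir getattr on the su domain stays denied`, and mark the rule as experimental, since the commit message itself says it needs more testing. The body of apply_kernelsu_rules() starts above the hunk, so whether an earlier rule already covers this case cannot be checked from here.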