From 3a5bcb0e09ed01bd378dc29f8569d709d8858317 Mon Sep 17 00:00:00 2001
From: rsuntk
Date: Sat, 9 Aug 2025 23:13:38 +0700
Subject: [PATCH] kernel: selinux: dontaudit * su dir getattr

* Likely a detection point for newer android.
* I am not sure about this, but a module try to address this: https://github.com/aviraxp/ZN-AuditPatch
* Need more testing.
Suggested-by: fatalcoder524 <11532648+fatalcoder524@users.noreply.github.com>
Tested-by: rsuntk
Signed-off-by: rsuntk
---
 kernel/selinux/rules.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index 230b2fc7..ac3d10bf 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -46,7 +46,7 @@ void apply_kernelsu_rules()
 }
 mutex_lock(&ksu_rules);
-
+
 db = get_policydb();
 ksu_permissive(db, KERNEL_SU_DOMAIN);
@@ -139,6 +139,8 @@ void apply_kernelsu_rules()
 ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
 ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
+ // https://android-review.googlesource.com/c/platform/system/logging/+/3725346
+ ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");
 mutex_unlock(&ksu_rules);
 }
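Review bot: The new `ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");` rule in the second hunk is documented only by a bare Gerrit URL, so the source does not say what the rule does or why its source is `ALL`. A dontaudit rule grants nothing; it only stops a denied `getattr` on `dir` objects of the su domain from being logged, and with `ALL` (presumably every source type) those denials disappear from the audit log for all domains, including ones a policy author would want to see while debugging. I would write the comment as `// dontaudit: keep denied dir getattr on the su domain out of the avc log (see https://android-review.googlesource.com/c/platform/system/logging/+/3725346)`. Since the commit message itself says more testing is needed, consider narrowing `ALL` to the domains observed to trigger the denial. The first hunk only swaps a blank line for a whitespace-only one and could be dropped; apply_kernelsu_rules() starts outside both hunks.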