From 1a022cbbe71e23f90e2ba55866e352dd6b14cdc8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 6 Jan 2017 18:53:12 -0800
Subject: [PATCH] storaged.te: Remove redundant permission.

All SELinux domains are already granted the ability to read the
filenames in /proc, so it's unnecessary to add it to storaged.te.

  $ grep "proc:dir r_dir_perms" public/domain.te
  allow domain proc:dir r_dir_perms;

Remove redundant rule.

Test: policy compiles.
Change-Id: I8779cda19176f7eb914778f131bb5b14e5b14448
---
 private/storaged.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/private/storaged.te b/private/storaged.te
index bf5c24292..684f617bc 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -8,7 +8,6 @@ init_daemon_domain(storaged)
 allow storaged kmsg_device:chr_file { write append };
 
 # Read access to pseudo filesystems
-allow storaged proc:dir r_dir_perms;
 r_dir_file(storaged, sysfs_type)
 r_dir_file(storaged, proc_net)
 r_dir_file(storaged, domain)
-- 
GitLab