From 1d75c90be76f1cc3b39e7c9a76210164543b9422 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Fri, 13 Jun 2014 21:44:43 +0900
Subject: [PATCH] Remove clatd's dac_override abilities.

These are no longer necessary after the clatd change to acquire membership in AID_VPN when dropping root privileges.

Change-Id: I9955296fe79e6dcbaa12acad1f1438e11d3b06cf
---
 clatd.te | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/clatd.te b/clatd.te
index b0b5d9540..0371e1462 100644
--- a/clatd.te
+++ b/clatd.te
@@ -17,9 +17,6 @@ allow clatd netd:unix_dgram_socket { read write };
 
 allow clatd self:capability { net_admin net_raw setuid setgid };
 
-# TODO: Run clatd in vpn group to avoid need for this on /dev/tun.
-allow clatd self:capability dac_override;
-
 allow clatd self:netlink_route_socket nlmsg_write;
 allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms;
 allow clatd tun_device:chr_file rw_file_perms;
-- 
GitLab