From 33e81a9e423eef2894ba7fb744110a5e67e4580d Mon Sep 17 00:00:00 2001
From: Primiano Tucci <primiano@google.com>
Date: Thu, 17 Jan 2019 15:54:45 +0000
Subject: [PATCH] Revoke ftrace selinux access from dumpstate

Getting rid of the feature in aosp/874979.
See other CL and bug for context.

Bug: 122987614
Bug: 122987614
Test: run dumpstate before and after patch,
      file sizes are comparable,
      observed no tracing-related errors.
Change-Id: Ifcde8dcbb99ce53d226b50ddd3178adaaa4322bd
---
 private/dumpstate.te | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/private/dumpstate.te b/private/dumpstate.te
index 4f3dda6aa..606e5103f 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -8,12 +8,6 @@ domain_auto_trans(dumpstate, vdc_exec, vdc)
 # Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
 allow dumpstate system_file:file lock;
 
-# systrace support - allow atrace to run
-allow dumpstate debugfs_tracing:dir r_dir_perms;
-allow dumpstate debugfs_tracing:file rw_file_perms;
-allow dumpstate debugfs_tracing_debug:dir r_dir_perms;
-allow dumpstate debugfs_trace_marker:file getattr;
-allow dumpstate atrace_exec:file rx_file_perms;
 allow dumpstate storaged_exec:file rx_file_perms;
 
 # /data/misc/wmtrace for wm traces
-- 
GitLab