From 52e9d047610b5426e0014775ad7653a236b0c1c7 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 16 Jan 2016 07:44:14 -0800
Subject: [PATCH] kernel.te: drop allow kernel untrusted_app:fd use;

auditallow says it's not used.

Bug: 25331459
Change-Id: Ic414efcd0a3be6d744ab66382c20f0ea4c9ea116
---
 kernel.te | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/kernel.te b/kernel.te
index ed6b7ba0a..05838afd7 100644
--- a/kernel.te
+++ b/kernel.te
@@ -42,10 +42,7 @@ allow kernel self:security setcheckreqprot;
 
 # MTP sync (b/15835289)
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
-allow kernel { priv_app untrusted_app }:fd use;
-# privileged apps have moved to the priv_app domain. Determine
-# if this permission is still needed. b/25331459
-auditallow kernel untrusted_app:fd use;
+allow kernel priv_app:fd use;
 allow kernel sdcard_type:file { read write };
 
 # Allow the kernel to read OBB files from app directories. (b/17428116)
-- 
GitLab