From 71db4110434d18adfaf87fd788f8dfd1d5709899 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 14 May 2014 13:11:43 -0700
Subject: [PATCH] Remove duplicate neverallow rule.

Commit: 7ffb9972076bfbd2abab1df6b4d759d14d55af96 added protection against low
memory mapping for all domains, a superset of appdomain.  Remove the same,
redundant neverallow rule from appdomain.

Change-Id: Ia41c02763f6b5a260c56d10adfbab649d9f3f97c
---
 app.te | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/app.te b/app.te
index ecdea85ea..361530624 100644
--- a/app.te
+++ b/app.te
@@ -241,10 +241,6 @@ neverallow { appdomain -unconfineddomain } { domain -appdomain }:process
 neverallow { appdomain -shell -unconfineddomain } ~appdomain:process
     { transition dyntransition };
 
-# Map low memory.
-# Note: Take to domain.te and apply to all domains in the future.
-neverallow { appdomain -unconfineddomain } self:memprotect mmap_zero;
-
 # Write to rootfs.
 neverallow { appdomain -unconfineddomain } rootfs:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
-- 
GitLab