domain_deprecated: remove sysfs rules

am: 275f6dd5

Change-Id: I02b2eb1a5bbd0cf3a4bbeffbe70e442ba4cf8ee6

private/domain_deprecated.te

-# rules removed from the domain attribute
-
-# Read access to pseudo filesystems.
-r_dir_file(domain_deprecated, sysfs)
-
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -fingerprintd
-  -healthd
-  -netd
-  -recovery
-  -system_app
-  -surfaceflinger
-  -system_server
-  -tee
-  -ueventd
-  -vold
-} sysfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
-  domain_deprecated
-  -fingerprintd
-  -healthd
-  -netd
-  -recovery
-  -system_app
-  -surfaceflinger
-  -system_server
-  -tee
-  -ueventd
-  -vold
-} sysfs:file r_file_perms;
-auditallow {
-  domain_deprecated
-  -fingerprintd
-  -healthd
-  -netd
-  -recovery
-  -system_app
-  -surfaceflinger
-  -system_server
-  -tee
-  -ueventd
-  -vold
-} sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
-')

public/uncrypt.te

@@ -40,3 +40,6 @@ r_dir_file(uncrypt, rootfs)
 
 # uncrypt reads /proc/cmdline
 allow uncrypt proc:file r_file_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs)

public/update_engine_common.te

@@ -44,3 +44,6 @@ allow update_engine proc_misc:file r_file_perms;
 
 # read directories on /system and /vendor
 allow update_engine system_file:dir r_dir_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs)