From 90d2772a65588bdc40192c4e52186ab156948efc Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 11 Jul 2017 21:22:20 -0700
Subject: [PATCH] domain_deprecated: remove rootfs rules

Observed audited access to rootfs was moved to individual domains in
commit a12aad45b68da1d3da096659a2b22b5e95c1f6b9

Bug: 28760354
Test: build
Change-Id: Ie5e991d66668e70df69f21334032be6d574bf5c8
---
 public/domain_deprecated.te | 45 -------------------------------------
 1 file changed, 45 deletions(-)

diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index 7cfbdff04..e2c600e63 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -1,50 +1,5 @@
 # rules removed from the domain attribute
 
-# Root fs.
-allow domain_deprecated rootfs:dir r_dir_perms;
-allow domain_deprecated rootfs:file r_file_perms;
-allow domain_deprecated rootfs:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -fsck
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
-  domain_deprecated
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:file r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:lnk_file { getattr open ioctl lock }; # read granted in domain
-')
-
 # System file accesses.
 allow domain_deprecated system_file:dir r_dir_perms;
 allow domain_deprecated system_file:file r_file_perms;
-- 
GitLab