From bc1c5453be89ba200aa135e963a7e4eb3bb7fa67 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Mon, 9 Oct 2017 13:19:29 -0700
Subject: [PATCH] Remove proc label access from kernel domain.

Bug: 65643247
Test: sailfish boots, can take pictures, use browser without denials
form kernel domain.
Change-Id: I4fc0555f0b65fc5537e0b2765142b384ed0560c8
---
 public/kernel.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/public/kernel.te b/public/kernel.te
index 64111b0fa..74c77a961 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -5,7 +5,6 @@ allow kernel self:capability sys_nice;
 
 # Root fs.
 r_dir_file(kernel, rootfs)
-r_dir_file(kernel, proc)
 allow kernel proc_cmdline:file r_file_perms;
 
 # Get SELinux enforcing status.
-- 
GitLab