From c2c91bba590057d1a386171c2fc586b7d9b5d165 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 14 May 2014 13:14:54 -0400
Subject: [PATCH] Drop unused rules for raw I/O and mknod.

We added these rules to the recovery domain when we removed them
from unconfined to ensure that we did not break anything. But we
have seen no uses of these rules by the recovery domain.  Tested
wiping userdata and cache from the recovery and performing an
adb sideload of an ota zip file.

Change-Id: I261cb1124130f73e98b87f3e5a31d6d7f521ff11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 recovery.te | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/recovery.te b/recovery.te
index 5c510e407..cfec16104 100644
--- a/recovery.te
+++ b/recovery.te
@@ -15,7 +15,3 @@ allow recovery dev_type:blk_file rw_file_perms;
 allow recovery self:process execmem;
 allow recovery ashmem_device:chr_file execute;
 allow recovery tmpfs:file rx_file_perms;
-
-## TODO: Investigate whether it is safe to remove these
-allow recovery self:capability { sys_rawio mknod };
-auditallow recovery self:capability { sys_rawio mknod };
-- 
GitLab