From cf376fd464dc542135d59e44303c2d821418dd78 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 11 Jul 2017 21:36:02 -0700
Subject: [PATCH] domain_deprecated: remove system_file rules

Logs indicate that these rules have already been moved to the
domains that need them.

Bug: 28760354
Test: build
Change-Id: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431
(cherry picked from commit 78b016ee80e48a874511b5bbd6842a2062e049e9)
---
 private/domain_deprecated.te | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 3c6ba0208..046394e0d 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -1,22 +1,5 @@
 # rules removed from the domain attribute
 
-# System file accesses.
-allow domain_deprecated system_file:dir r_dir_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -fingerprintd
-  -installd
-  -keystore
-  -surfaceflinger
-  -system_server
-  -update_engine
-  -vold
-  -zygote
-} system_file:dir { open read ioctl lock }; # search getattr in domain
-')
-
 # Read files already opened under /data.
 allow domain_deprecated system_data_file:file { getattr read };
 allow domain_deprecated system_data_file:lnk_file r_file_perms;
-- 
GitLab