From d017316f16aae3870458534c3e1720165838cacf Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Sun, 9 Jul 2017 16:29:21 -0700
Subject: [PATCH] domain_deprecated: remove access to /proc/meminfo

Logs indicate that all processes that require access already have it.

Bug: 28760354
Test: build
Change-Id: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
(cherry picked from commit 3e5bb807fc5b1571e6af6a2a35d7534bfd4562a8)
---
 private/domain_deprecated.te | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 02c2293f3..6b35e1cbc 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -144,7 +144,6 @@ auditallow {
 r_dir_file(domain_deprecated, proc)
 r_dir_file(domain_deprecated, sysfs)
 r_dir_file(domain_deprecated, cgroup)
-allow domain_deprecated proc_meminfo:file r_file_perms;
 
 userdebug_or_eng(`
 auditallow {
@@ -242,11 +241,4 @@ auditallow {
   -system_server
   -zygote
 } cgroup:lnk_file r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -surfaceflinger
-  -system_server
-  -vold
-} proc_meminfo:file r_file_perms;
 ')
-- 
GitLab