From d918c8df783e05908e8215a21862afbf3f9d3ac7 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Fri, 9 Nov 2018 15:45:05 -0800
Subject: [PATCH] Remove redundant cgroup type/labelings.

cgroup is labeled from genfs_contexts. Also, cgroup filesystems can't be
context mounted, i.e. it's not possible to mount them with a label other
than "cgroup".

Bug: 110962171
Test: m selinux_policy
Test: boot aosp_walleye
Change-Id: I8319b10136c42a42d1edaee47b77ad1698e87f2c
---
 private/compat/28.0/28.0.cil | 1 +
 private/file_contexts        | 2 --
 public/device.te             | 1 -
 public/init.te               | 1 -
 public/postinstall_dexopt.te | 2 --
 5 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 4e653b20a..f7a0c3756 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -2,6 +2,7 @@
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
+(type cpuctl_device)
 (type fingerprint_vendor_data_file)
 (type full_device)
 (type i2c_device)
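Review bot: The added `(type cpuctl_device)` keeps policy built against 28.0 compiling, but after this commit nothing on the new side labels an object with that type, so any vendor rule written against the versioned `cpuctl_device_28_0` attribute would match nothing without any build error. Per the commit message the mounted filesystem was always `cgroup`, so such rules were probably already ineffective. It is still worth confirming that no 28.0 vendor domain depended on them for the mount-point directory. Whether the versioned attribute is still mapped further down in this file is outside the hunk. A short CIL comment beside the declaration would record the reason for the removal, e.g. `; cpuctl_device removed: /dev/cpuctl is labeled cgroup from genfs_contexts`.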
diff --git a/private/file_contexts b/private/file_contexts
index 32e56e0a7..dd957a74e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -83,8 +83,6 @@
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/bus/usb(.*)?       u:object_r:usb_device:s0
 /dev/console		u:object_r:console_device:s0
-/dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)?        u:object_r:cgroup:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0
diff --git a/public/device.te b/public/device.te
index a4f7f01fe..e55c86d87 100644
--- a/public/device.te
+++ b/public/device.te
@@ -18,7 +18,6 @@ type ram_device, dev_type;
 type rtc_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
-type cpuctl_device, dev_type;
 type fscklogs, dev_type;
 # GPU (used by most UI apps)
 type gpu_device, dev_type, mlstrustedobject;
diff --git a/public/init.te b/public/init.te
index 770922a1b..2a8036a8b 100644
--- a/public/init.te
+++ b/public/init.te
@@ -94,7 +94,6 @@ allow init tmpfs:dir create_dir_perms;
 allow init tmpfs:dir mounton;
 allow init cgroup:dir create_dir_perms;
 allow init cgroup:file rw_file_perms;
-allow init cpuctl_device:dir { create mounton };
 
 # /config
 allow init configfs:dir mounton;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8b6d6cc17..0ccd16809 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -55,5 +55,3 @@ allow postinstall_dexopt postinstall:process sigchld;
 # Allow otapreopt to use file descriptors from otapreopt_chroot.
 # TODO: Probably we can actually close file descriptors...
 allow postinstall_dexopt otapreopt_chroot:fd use;
-
-allow postinstall_dexopt cpuctl_device:dir search;
-- 
GitLab