From dbe0f65a84eae134bfa83950fc4cbd750276d23d Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 11 Jul 2017 21:36:02 -0700
Subject: [PATCH] domain_deprecated: remove system_file rules

Logs indicate that these rules have already been moved to the
domains that need them.

Bug: 28760354
Test: build
Merged-In: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431
Change-Id: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431
---
 public/domain_deprecated.te | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index e2c600e63..5c8c07eae 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -1,32 +1,5 @@
 # rules removed from the domain attribute
 
-# System file accesses.
-allow domain_deprecated system_file:dir r_dir_perms;
-allow domain_deprecated system_file:file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -fingerprintd
-  -installd
-  -keystore
-  -rild
-  -surfaceflinger
-  -system_server
-  -update_engine
-  -vold
-  -zygote
-} system_file:dir { open read ioctl lock }; # search getattr in domain
-auditallow {
-  domain_deprecated
-  -appdomain
-  -rild
-  -surfaceflinger
-  -system_server
-  -zygote
-} system_file:file { ioctl lock }; # read open getattr in domain
-')
-
 # Read files already opened under /data.
 allow domain_deprecated system_data_file:file { getattr read };
 allow domain_deprecated system_data_file:lnk_file r_file_perms;
-- 
GitLab