Revert "Remove domain_deprecated from sdcard domains"

This reverts commit 0c7bc58e. bug: 26807309 Change-Id: I8a7b0e56a0d6f723508d0fddceffdff76eb0459a

Revert "Remove domain_deprecated from sdcard domains"
This reverts commit 0c7bc58e. bug: 26807309 Change-Id: I8a7b0e56a0d6f723508d0fddceffdff76eb0459a
f4d7eef7 · Narayan Kamath · 0c7bc58e · f4d7eef7 · f4d7eef7 · f4d7eef7
Commit f4d7eef7 authored 9 years ago by Narayan Kamath
--- a/blkid.te
+++ b/blkid.te
 # blkid called from vold
-type blkid, domain;
+type blkid, domain, domain_deprecated;
 type blkid_exec, exec_type, file_type;

 # Allowed read-only access to encrypted devices to extract UUID/label
@@ -14,9 +14,6 @@ allow blkid vold:fifo_file { read write getattr };
 # For blkid launched through popen()
 allow blkid blkid_exec:file rx_file_perms;

-# access to /proc/filesystems
-allow blkid proc:file r_file_perms;
-
 # Only allow entry from vold
 neverallow { domain -vold } blkid:process transition;
 neverallow domain blkid:process dyntransition;

--- a/blkid_untrusted.te
+++ b/blkid_untrusted.te
 # blkid for untrusted block devices
-type blkid_untrusted, domain;
+type blkid_untrusted, domain, domain_deprecated;

 # Allowed read-only access to vold block devices to extract UUID/label
 allow blkid_untrusted block_device:dir search;

--- a/fsck.te
+++ b/fsck.te
 # Any fsck program run by init
-type fsck, domain;
+type fsck, domain, domain_deprecated;
 type fsck_exec, exec_type, file_type;

 init_daemon_domain(fsck)
@@ -24,8 +24,6 @@ allow fsck dm_device:blk_file rw_file_perms;
 # fsck performs a stat() on swap to verify that it is a valid
 # swap device before setting the EXT2_MF_SWAP mount flag.
 allow fsck swap_block_device:blk_file getattr;
-# access to /proc/swaps
-allow fsck proc:file r_file_perms;

 ###
 ### neverallow rules

--- a/fsck_untrusted.te
+++ b/fsck_untrusted.te
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain;
+type fsck_untrusted, domain, domain_deprecated;

 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };

--- a/sdcardd.te
+++ b/sdcardd.te
-type sdcardd, domain;
+type sdcardd, domain, domain_deprecated;
 type sdcardd_exec, exec_type, file_type;

 allow sdcardd cgroup:dir create_dir_perms;

--- a/sgdisk.te
+++ b/sgdisk.te
 # sgdisk called from vold
-type sgdisk, domain;
+type sgdisk, domain, domain_deprecated;
 type sgdisk_exec, exec_type, file_type;

 # Allowed to read/write low-level partition tables