From f4d7eef731a14317be48b1c6bfd44e8220770f51 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Wed, 27 Jan 2016 15:32:47 +0000
Subject: [PATCH] Revert "Remove domain_deprecated from sdcard domains"

This reverts commit 0c7bc58e91eeda73e24f13735c0205fd3f88f91a.

bug: 26807309

Change-Id: I8a7b0e56a0d6f723508d0fddceffdff76eb0459a
---
 blkid.te           | 5 +----
 blkid_untrusted.te | 2 +-
 fsck.te            | 4 +---
 fsck_untrusted.te  | 2 +-
 sdcardd.te         | 2 +-
 sgdisk.te          | 2 +-
 6 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/blkid.te b/blkid.te
index 7a7e02457..23ce3a9da 100644
--- a/blkid.te
+++ b/blkid.te
@@ -1,5 +1,5 @@
 # blkid called from vold
-type blkid, domain;
+type blkid, domain, domain_deprecated;
 type blkid_exec, exec_type, file_type;
 
 # Allowed read-only access to encrypted devices to extract UUID/label
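Review bot: The `domain_deprecated` attribute restored on the `type blkid` line has no comment saying which denial made it necessary, and the commit message gives only the bug number. The next hunk in this file also drops the narrow, commented `allow blkid proc:file r_file_perms;` rule, so a documented single-purpose grant is traded for whatever rules the attribute carries elsewhere in the policy (not visible here). I would add a tracking comment above the type line, e.g. `# TODO(b/26807309): domain_deprecated restored by revert; replace with specific allow rules once the failing access is identified`. The same applies to the type lines in fsck.te (which likewise loses its `/proc/swaps` rule), sdcardd.te and sgdisk.te. blkid.te continues outside this hunk.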
@@ -14,9 +14,6 @@ allow blkid vold:fifo_file { read write getattr };
 # For blkid launched through popen()
 allow blkid blkid_exec:file rx_file_perms;
 
-# access to /proc/filesystems
-allow blkid proc:file r_file_perms;
-
 # Only allow entry from vold
 neverallow { domain -vold } blkid:process transition;
 neverallow domain blkid:process dyntransition;
diff --git a/blkid_untrusted.te b/blkid_untrusted.te
index df8e447f9..7e53de7ad 100644
--- a/blkid_untrusted.te
+++ b/blkid_untrusted.te
@@ -1,5 +1,5 @@
 # blkid for untrusted block devices
-type blkid_untrusted, domain;
+type blkid_untrusted, domain, domain_deprecated;
 
 # Allowed read-only access to vold block devices to extract UUID/label
 allow blkid_untrusted block_device:dir search;
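Review bot: `blkid_untrusted` is, per its header comment, the domain for untrusted block devices, so re-adding the attribute on its type line widens the domain that reads data from media the system does not control. `fsck_untrusted` in fsck_untrusted.te is in the same position. If bug 26807309 was observed in only some of the six domains (the commit does not say), the untrusted ones could stay as `type blkid_untrusted, domain;` and `type fsck_untrusted, domain;`, with the individual access added as an explicit `allow` rule. Checking the avc denials per domain before re-adding the attribute would show which domains need it. The file continues outside this hunk.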
diff --git a/fsck.te b/fsck.te
index ebff968a2..cdf1188aa 100644
--- a/fsck.te
+++ b/fsck.te
@@ -1,5 +1,5 @@
 # Any fsck program run by init
-type fsck, domain;
+type fsck, domain, domain_deprecated;
 type fsck_exec, exec_type, file_type;
 
 init_daemon_domain(fsck)
@@ -24,8 +24,6 @@ allow fsck dm_device:blk_file rw_file_perms;
 # fsck performs a stat() on swap to verify that it is a valid
 # swap device before setting the EXT2_MF_SWAP mount flag.
 allow fsck swap_block_device:blk_file getattr;
-# access to /proc/swaps
-allow fsck proc:file r_file_perms;
 
 ###
 ### neverallow rules
diff --git a/fsck_untrusted.te b/fsck_untrusted.te
index 67c67b762..4f01db215 100644
--- a/fsck_untrusted.te
+++ b/fsck_untrusted.te
@@ -1,5 +1,5 @@
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain;
+type fsck_untrusted, domain, domain_deprecated;
 
 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
diff --git a/sdcardd.te b/sdcardd.te
index a6648200e..056e9f829 100644
--- a/sdcardd.te
+++ b/sdcardd.te
@@ -1,4 +1,4 @@
-type sdcardd, domain;
+type sdcardd, domain, domain_deprecated;
 type sdcardd_exec, exec_type, file_type;
 
 allow sdcardd cgroup:dir create_dir_perms;
diff --git a/sgdisk.te b/sgdisk.te
index 8a689a113..b8d6b3ffc 100644
--- a/sgdisk.te
+++ b/sgdisk.te
@@ -1,5 +1,5 @@
 # sgdisk called from vold
-type sgdisk, domain;
+type sgdisk, domain, domain_deprecated;
 type sgdisk_exec, exec_type, file_type;
 
 # Allowed to read/write low-level partition tables
-- 
GitLab