storaged.te: Remove redundant permission. All SELinux domains are already granted the ability to read the filenames in /proc, so it's unnecessary to add it to storaged.te. $ grep "proc:dir r_dir_perms" public/domain.te allow domain proc:dir r_dir_perms; Remove redundant rule. Test: policy compiles. Change-Id: I8779cda19176f7eb914778f131bb5b14e5b14448

commit: 1a022cbbe71e23f90e2ba55866e352dd6b14cdc8 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Jan 06 18:53:12 2017 -0800
committer: Nick Kralevich <nnk@google.com> Fri Jan 06 18:56:29 2017 -0800
tree: 177573e5b78c0fe77c53b15455a0f12fe9de0430
parent: 110588797d598c9a2434ee668465aea87b7139a6 [diff]
diff --git a/private/storaged.te b/private/storaged.te
index bf5c242..684f617 100644
--- a/private/storaged.te
+++ b/private/storaged.te

@@ -8,7 +8,6 @@
 allow storaged kmsg_device:chr_file { write append };
 
 # Read access to pseudo filesystems
-allow storaged proc:dir r_dir_perms;
 r_dir_file(storaged, sysfs_type)
 r_dir_file(storaged, proc_net)
 r_dir_file(storaged, domain)
commit	1a022cbbe71e23f90e2ba55866e352dd6b14cdc8	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Jan 06 18:53:12 2017 -0800
committer	Nick Kralevich <nnk@google.com>	Fri Jan 06 18:56:29 2017 -0800
tree	177573e5b78c0fe77c53b15455a0f12fe9de0430
parent	110588797d598c9a2434ee668465aea87b7139a6 [diff]