Merge "DO NOT MERGE. Remove isolated_app's ability to read sysfs." into nyc-dev

commit: 1a5fcecc98a3c83e07a3ef62d3a86f386c5ba1fa [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Fri May 13 00:33:28 2016 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri May 13 00:33:28 2016 +0000
tree: 77056aaf1eced145a288f36dec62e4d38536d1d6
parent: 95fd38169b867c0e45d11a9dbae698bc65e43a89 [diff]
parent: b84c86b21127be48850a3c533ee1a1da3bc0e195 [diff]
diff --git a/domain_deprecated.te b/domain_deprecated.te
index e5bfb1c..00fb516 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te

@@ -54,7 +54,7 @@
 
 # Read access to pseudo filesystems.
 r_dir_file(domain_deprecated, proc)
-r_dir_file(domain_deprecated, sysfs)
+r_dir_file({ domain_deprecated -isolated_app }, sysfs)
 r_dir_file(domain_deprecated, inotify)
 r_dir_file(domain_deprecated, cgroup)
 allow domain_deprecated proc_meminfo:file r_file_perms;
commit	1a5fcecc98a3c83e07a3ef62d3a86f386c5ba1fa	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Fri May 13 00:33:28 2016 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri May 13 00:33:28 2016 +0000
tree	77056aaf1eced145a288f36dec62e4d38536d1d6
parent	95fd38169b867c0e45d11a9dbae698bc65e43a89 [diff]
parent	b84c86b21127be48850a3c533ee1a1da3bc0e195 [diff]