Remove appdomain sysfs auditallow. Large numbers of denials have been collected. Remove from logging until further action is taken to address existing denials and remove sysfs access from additional appdomains. (cherry-pick from commit: 0b80f4dc8aa09817532138ff2d1fbdc98a34a4ac) Change-Id: I11b9b159702fb2d50d4352f9cd8b68503d07222a

commit: 1af60916863d7ad82a93a58c1b3aa4613bea2ae9 [log] [tgz]
author: dcashman <dcashman@google.com> Wed Feb 10 12:26:41 2016 -0800
committer: dcashman <dcashman@google.com> Wed Feb 10 12:35:17 2016 -0800
tree: c7439ab96e6c72f818d63556ad7d98466e913c78
parent: 8f5a891ff8c394ae462632bd62dc42e4392d646f [diff]
diff --git a/app.te b/app.te
index 8bc138d..b89d4e1 100644
--- a/app.te
+++ b/app.te

@@ -229,10 +229,6 @@
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
 
-# appdomain should not be accessing information on /sys
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
-
 # Apps receive an open tun fd from the framework for
 # device traffic. Do not allow untrusted app to directly open tun_device
 allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
commit	1af60916863d7ad82a93a58c1b3aa4613bea2ae9	[log] [tgz]
author	dcashman <dcashman@google.com>	Wed Feb 10 12:26:41 2016 -0800
committer	dcashman <dcashman@google.com>	Wed Feb 10 12:35:17 2016 -0800
tree	c7439ab96e6c72f818d63556ad7d98466e913c78
parent	8f5a891ff8c394ae462632bd62dc42e4392d646f [diff]