Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"
Revert submission 1668411
Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting
Change-Id: I04f8bfdc0e5fe8d2f7d6596ed7b840332d611485
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index ac38f04..befcabe 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -132,7 +132,6 @@
vcn_management_service
vd_device
vendor_kernel_modules
- vendor_modprobe
vibrator_manager_service
virtualization_service
vpn_management_service
diff --git a/private/domain.te b/private/domain.te
index d28b846..3d27563 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -521,12 +521,9 @@
# debugfs_kcov type is not included in this neverallow statement since the KCOV
# tool uses it for kernel fuzzing.
-# vendor_modprobe is also exempted since the kernel modules it loads may create
-# debugfs files in its context.
enforce_debugfs_restriction(`
neverallow {
domain
- -vendor_modprobe
userdebug_or_eng(`
-init
-hal_dumpstate
diff --git a/public/vendor_modprobe.te b/public/vendor_modprobe.te
deleted file mode 100644
index 529c4aa..0000000
--- a/public/vendor_modprobe.te
+++ /dev/null
@@ -1 +0,0 @@
-type vendor_modprobe, domain;
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
index 3f5918c..4628ecc 100644
--- a/vendor/vendor_modprobe.te
+++ b/vendor/vendor_modprobe.te
@@ -1,3 +1,5 @@
+type vendor_modprobe, domain;
+
# For the use of /vendor/bin/modprobe from vendor init.rc fragments
domain_trans(init, vendor_toolbox_exec, vendor_modprobe)