private/domain_deprecated.te - android_system_sepolicy - Gitiles

 # rules removed from the domain attribute

 # Read access to pseudo filesystems.
 r_dir_file(domain_deprecated, sysfs)

 userdebug_or_eng(`
 auditallow {
   domain_deprecated
   -fingerprintd
   -healthd
   -netd
   -recovery
   -system_app
   -surfaceflinger
   -system_server
   -tee
   -ueventd
   -vold
 } sysfs:dir { open getattr read ioctl lock }; # search granted in domain
 auditallow {
   domain_deprecated
   -fingerprintd
   -healthd
   -netd
   -recovery
   -system_app
   -surfaceflinger
   -system_server
   -tee
   -ueventd
   -vold
 } sysfs:file r_file_perms;
 auditallow {
   domain_deprecated
   -fingerprintd
   -healthd
   -netd
   -recovery
   -system_app
   -surfaceflinger
   -system_server
   -tee
   -ueventd
   -vold
 } sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
 ')
	# rules removed from the domain attribute

	# Read access to pseudo filesystems.
	r_dir_file(domain_deprecated, sysfs)

	userdebug_or_eng(`
	auditallow {
	domain_deprecated
	-fingerprintd
	-healthd
	-netd
	-recovery
	-system_app
	-surfaceflinger
	-system_server
	-tee
	-ueventd
	-vold
	} sysfs:dir { open getattr read ioctl lock }; # search granted in domain
	auditallow {
	domain_deprecated
	-fingerprintd
	-healthd
	-netd
	-recovery
	-system_app
	-surfaceflinger
	-system_server
	-tee
	-ueventd
	-vold
	} sysfs:file r_file_perms;
	auditallow {
	domain_deprecated
	-fingerprintd
	-healthd
	-netd
	-recovery
	-system_app
	-surfaceflinger
	-system_server
	-tee
	-ueventd
	-vold
	} sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
	')