Drop domain write access to sysfs for the emulator. 3.4 goldfish kernel supports sysfs labeling so we no longer need this. Change-Id: I77514a8f3102ac8be957c57d95e7de7d5901f69d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 29326eda65b121fe0edbbae43bc463af17aaed9b [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri May 03 11:09:15 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Fri Sep 13 18:29:03 2013 +0000
tree: 90983bd888d3ed155b5aec91cb058aea8bf8fa0d
parent: 0f7641d83d7044431db44d4dd2377e6f8ef93e85 [diff]
diff --git a/domain.te b/domain.te
index 7c9e7a6..3db35d7 100644
--- a/domain.te
+++ b/domain.te

@@ -103,9 +103,8 @@
 # For /sys/qemu_trace files in the emulator.
 bool in_qemu false;
 if (in_qemu) {
-allow domain sysfs:file rw_file_perms;
-}
 allow domain sysfs_writable:file rw_file_perms;
+}
 
 # Read access to pseudo filesystems.
 r_dir_file(domain, proc)
commit	29326eda65b121fe0edbbae43bc463af17aaed9b	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri May 03 11:09:15 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Fri Sep 13 18:29:03 2013 +0000
tree	90983bd888d3ed155b5aec91cb058aea8bf8fa0d
parent	0f7641d83d7044431db44d4dd2377e6f8ef93e85 [diff]