Merge "Remove appdomain sysfs auditallow." into nyc-dev

commit: 2fedc4b723b9f89d90dafd0dd8f79f5bfd777e64 [log] [tgz]
author: Daniel Cashman <dcashman@google.com> Wed Feb 10 20:39:13 2016 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Feb 10 20:39:13 2016 +0000
tree: 184bdbe437c3cb3606e2a27aef51abf0e70214bd
parent: d7eedeb89c9d59562e9e2d82102fd4b3adba7f30 [diff]
parent: 1af60916863d7ad82a93a58c1b3aa4613bea2ae9 [diff]
diff --git a/app.te b/app.te
index 8bc138d..b89d4e1 100644
--- a/app.te
+++ b/app.te

@@ -229,10 +229,6 @@
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
 
-# appdomain should not be accessing information on /sys
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
-
 # Apps receive an open tun fd from the framework for
 # device traffic. Do not allow untrusted app to directly open tun_device
 allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
commit	2fedc4b723b9f89d90dafd0dd8f79f5bfd777e64	[log] [tgz]
author	Daniel Cashman <dcashman@google.com>	Wed Feb 10 20:39:13 2016 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Feb 10 20:39:13 2016 +0000
tree	184bdbe437c3cb3606e2a27aef51abf0e70214bd
parent	d7eedeb89c9d59562e9e2d82102fd4b3adba7f30 [diff]
parent	1af60916863d7ad82a93a58c1b3aa4613bea2ae9 [diff]