rs.te: Remove dontaudit statements am: 80eec389e2 Change-Id: I7b2dcadf15ccc06dfc39f614f6fe4459812e53c3

commit: 4786c5d1aaf03349e69af24d4732087074063e6c [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Jan 16 14:41:24 2019 -0800
committer: android-build-merger <android-build-merger@google.com> Wed Jan 16 14:41:24 2019 -0800
tree: 4f6e3101a3b90dc1fdc2e0adc972d4ee434f46ba
parent: ec56d3024c4c737ea19ecc75f109ab1d34d7332d [diff]
parent: 80eec389e259ed4d5b441abe3645d6b38497f748 [diff]
diff --git a/private/rs.te b/private/rs.te
index f0c9409..5aa2d54 100644
--- a/private/rs.te
+++ b/private/rs.te

@@ -28,15 +28,3 @@
 
 # File descriptors passed from app to renderscript
 allow rs untrusted_app_all:fd use;
-
-# TODO: Explain why these dontaudits are needed. Most likely
-# these are file descriptors leaking across an exec() boundary
-# due to a missing O_CLOEXEC / SOCK_CLOEXEC
-dontaudit rs untrusted_app_all:unix_stream_socket { read write };
-dontaudit rs untrusted_app_all:fifo_file { read write };
-
-# TODO: Explain why this is necessary. I think this is a zygote
-# created logging socket and system server parceled file descriptor
-# which is not using the O_CLOEXEC flag.
-dontaudit rs zygote:fd use;
-dontaudit rs system_server:fd use;
commit	4786c5d1aaf03349e69af24d4732087074063e6c	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Jan 16 14:41:24 2019 -0800
committer	android-build-merger <android-build-merger@google.com>	Wed Jan 16 14:41:24 2019 -0800
tree	4f6e3101a3b90dc1fdc2e0adc972d4ee434f46ba
parent	ec56d3024c4c737ea19ecc75f109ab1d34d7332d [diff]
parent	80eec389e259ed4d5b441abe3645d6b38497f748 [diff]