Add directory read permissions to certain domains.
Addresses the following denials and auditallows:
avc: denied { read } for pid=561 comm="hwservicemanage" name="hw"
dev="dm-0" ino=1883 scontext=u:r:hwservicemanager:s0
tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
avc: denied { read } for pid=748 comm="gatekeeperd" name="hw" dev="dm-0"
ino=1883 scontext=u:r:gatekeeperd:s0 tcontext=u:object_r:system_file:s0
tclass=dir permissive=0
avc: granted { read open } for pid=735 comm="fingerprintd"
path="/system/lib64/hw" dev="dm-0" ino=1883 scontext=u:r:fingerprintd:s0
tcontext=u:object_r:system_file:s0 tclass=dir
Test: no denials on boot
Change-Id: Ic363497e3ae5078e564d7195f3739a654860a32f
diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index b198703..a8320b5 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -27,6 +27,7 @@
auditallow {
domain_deprecated
-appdomain
+ -fingerprintd
-init
-installd
-rild