Merge "Deprivilege haiku"
diff --git a/private/storaged.te b/private/storaged.te
index ff5390a..0916adf 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -5,10 +5,6 @@
init_daemon_domain(storaged)
# Read access to pseudo filesystems
-r_dir_file(storaged, proc_net_type)
-userdebug_or_eng(`
- auditallow storaged proc_net_type:{ dir file lnk_file } { getattr open read };
-')
r_dir_file(storaged, domain)
# Read /proc/uid_io/stats
diff --git a/private/zygote.te b/private/zygote.te
index 2810976..ac1ef00 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -92,12 +92,6 @@
# Handle --invoke-with command when launching Zygote with a wrapper command.
allow zygote zygote_exec:file rx_file_perms;
-# Read access to pseudo filesystems.
-r_dir_file(zygote, proc_net_type)
-userdebug_or_eng(`
- auditallow zygote proc_net_type:{ dir file lnk_file } { getattr open read };
-')
-
# Root fs.
r_dir_file(zygote, rootfs)
diff --git a/public/logd.te b/public/logd.te
index 23318b0..2ef257f 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -6,10 +6,6 @@
r_dir_file(logd, cgroup)
r_dir_file(logd, proc_kmsg)
r_dir_file(logd, proc_meminfo)
-r_dir_file(logd, proc_net_type)
-userdebug_or_eng(`
- auditallow logd proc_net_type:{ dir file lnk_file } { getattr open read };
-')
allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
allow logd self:global_capability2_class_set syslog;