runas/shell.te: remove {kernel} to perf_event_open
Bug: 390626125
Change-Id: I7acd13997243b0fcc35f70fb3d5105ea89034892
diff --git a/private/runas_app.te b/private/runas_app.te
index 9142a19..63ce178 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te
@@ -28,8 +28,8 @@
# Allow runas_app to call perf_event_open for profiling debuggable app
# processes, but not the whole system.
-allow runas_app self:perf_event { open read write kernel };
-neverallow runas_app self:perf_event ~{ open read write kernel };
+allow runas_app self:perf_event { open read write };
+neverallow runas_app self:perf_event ~{ open read write };
# Suppress bionic loader denial /data/local/tests directories.
dontaudit runas_app shell_test_data_file:dir search;
diff --git a/private/shell.te b/private/shell.te
index 2033f7e..3e45e1f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -142,7 +142,7 @@
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
-allow shell self:perf_event { open read write kernel };
+allow shell self:perf_event { open read write };
# Allow shell to read microdroid vendor image
r_dir_file(shell, vendor_microdroid_file)