rs.te: Remove dontaudit statements
These dontaudit rules were in place to suppress SELinux denials due to
file descriptor leakage. The file descriptor leakage has been fixed, so
these rules are no longer necessary. Delete.
Fixes: 120983106
Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases
Change-Id: I5cad79c3526583bd2b65bd089fee9c490f6beb5e
diff --git a/private/rs.te b/private/rs.te
index f0c9409..5aa2d54 100644
--- a/private/rs.te
+++ b/private/rs.te
@@ -28,15 +28,3 @@
# File descriptors passed from app to renderscript
allow rs untrusted_app_all:fd use;
-
-# TODO: Explain why these dontaudits are needed. Most likely
-# these are file descriptors leaking across an exec() boundary
-# due to a missing O_CLOEXEC / SOCK_CLOEXEC
-dontaudit rs untrusted_app_all:unix_stream_socket { read write };
-dontaudit rs untrusted_app_all:fifo_file { read write };
-
-# TODO: Explain why this is necessary. I think this is a zygote
-# created logging socket and system server parceled file descriptor
-# which is not using the O_CLOEXEC flag.
-dontaudit rs zygote:fd use;
-dontaudit rs system_server:fd use;