Merge "Revert "ueventd.te: auditallow device:chr_file""
diff --git a/public/domain.te b/public/domain.te
index c010d79..30dbd7e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -299,9 +299,8 @@
# Don't allow raw read/write/open access to generic devices.
# Rather force a relabel to a more specific type.
# init is exempt from this as there are character devices that only it uses.
-# uevent historically was granted access, but this does not appear used.
-# Tightening candidate?
-neverallow { domain -init -ueventd } device:chr_file no_rw_file_perms;
+# ueventd is exempt from this, as it is managing these devices.
+neverallow { domain -init -ueventd } device:chr_file { open read write };
# Limit what domains can mount filesystems or change their mount flags.
# sdcard_type / vfat is exempt as a larger set of domains need
diff --git a/public/ueventd.te b/public/ueventd.te
index ce1cb37..3f1dcd4 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -7,12 +7,7 @@
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
allow ueventd device:file create_file_perms;
-
-# Read/write generically labeled /dev character device files.
-# TODO: this rule appears unnecessary. Delete?
allow ueventd device:chr_file rw_file_perms;
-auditallow ueventd device:chr_file { read lock write ioctl open append };
-
r_dir_file(ueventd, sysfs_type)
r_dir_file(ueventd, rootfs)
allow ueventd sysfs:file w_file_perms;