Revert^2 "sepolicy: rules for uid/pid cgroups v2 hierarchy" 51c04ac27b329db75ea1e20bd238147c12c96cf4 Change-Id: Idc35a84b5faabfb9bdd7a7693f51b11938eb0489

commit: a54bed6907439ff5b9c51268b6ce331088497859 [log] [tgz]
author: Marco Ballesio <balejs@google.com> Tue Jan 26 22:18:07 2021 +0000
committer: Suren Baghdasaryan <surenb@google.com> Wed Jan 27 06:07:48 2021 +0000
tree: 35c8cd365adfd64782d6d53504ffb8cf9a3d954a
parent: 4fb66f04d73b489dbf8683a3d129355df0809c6d [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 6767cd1..b4f72bd 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -868,6 +868,7 @@
 
 # Clean up old cgroups
 allow system_server cgroup:dir { remove_name rmdir };
+allow system_server cgroup_v2:dir { remove_name rmdir };
 
 # /oem access
 r_dir_file(system_server, oemfs)
@@ -946,9 +947,8 @@
 allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
 
 r_dir_file(system_server, cgroup)
+r_dir_file(system_server, cgroup_v2)
 allow system_server ion_device:chr_file r_file_perms;
-allow system_server cgroup_v2:dir rw_dir_perms;
-allow system_server cgroup_v2:file rw_file_perms;
 
 # Access to /dev/dma_heap/system
 allow system_server dmabuf_system_heap_device:chr_file r_file_perms;
commit	a54bed6907439ff5b9c51268b6ce331088497859	[log] [tgz]
author	Marco Ballesio <balejs@google.com>	Tue Jan 26 22:18:07 2021 +0000
committer	Suren Baghdasaryan <surenb@google.com>	Wed Jan 27 06:07:48 2021 +0000
tree	35c8cd365adfd64782d6d53504ffb8cf9a3d954a
parent	4fb66f04d73b489dbf8683a3d129355df0809c6d [diff] [blame]