Merge "Revert "Move boot_control_hal attribute to hal_boot domain""
diff --git a/public/app.te b/public/app.te
index 6cb3382..7f51574 100644
--- a/public/app.te
+++ b/public/app.te
@@ -425,10 +425,7 @@
proc:dir_file_class_set write;
# Access to syslog(2) or /proc/kmsg.
-neverallow { appdomain -system_app }
- kernel:system { syslog_mod syslog_console };
-neverallow { appdomain -system_app -shell }
- kernel:system syslog_read;
+neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };
# Ability to perform any filesystem operation other than statfs(2).
# i.e. no mount(2), unmount(2), etc.
diff --git a/public/shell.te b/public/shell.te
index 0e747b7..b00c9ef 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -85,9 +85,6 @@
set_prop(shell, persist_debug_prop)
')
-# allow shell to run dmesg
-allow shell kernel:system syslog_read;
-
# allow shell access to services
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
diff --git a/public/vold.te b/public/vold.te
index afe55c0..3ebb1d2 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -47,7 +47,6 @@
# Allow mounting of storage devices
allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
-allow vold sdcard_type:filesystem { mount unmount remount };
# Manage per-user primary symlinks
allow vold mnt_user_file:dir create_dir_perms;