commit d918c8df783e05908e8215a21862afbf3f9d3ac7
author Tri Vo <trong@google.com> Fri Nov 09 15:45:05 2018 -0800
committer Tri Vo <trong@google.com> Sat Nov 17 01:24:49 2018 +0000
tree b1cf63e413ad76104997a783976e6d7d5d2ee7d9
parent fe14d483da90e77633831e62ec3909d4c76979ed

Remove redundant cgroup type/labelings.

cgroup is labeled from genfs_contexts. Also, cgroup filesystems can't be
context mounted, i.e. it's not possible to mount them with a label other
than "cgroup".

Bug: 110962171
Test: m selinux_policy
Test: boot aosp_walleye
Change-Id: I8319b10136c42a42d1edaee47b77ad1698e87f2c

private/compat/28.0/28.0.cil

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 4e653b2..f7a0c37 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -2,6 +2,7 @@
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
+(type cpuctl_device)
 (type fingerprint_vendor_data_file)
 (type full_device)
 (type i2c_device)

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 32e56e0..dd957a7 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -83,8 +83,6 @@
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/bus/usb(.*)?       u:object_r:usb_device:s0
 /dev/console		u:object_r:console_device:s0
-/dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)?        u:object_r:cgroup:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0

public/device.te

diff --git a/public/device.te b/public/device.te
index a4f7f01..e55c86d 100644
--- a/public/device.te
+++ b/public/device.te
@@ -18,7 +18,6 @@
 type rtc_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
-type cpuctl_device, dev_type;
 type fscklogs, dev_type;
 # GPU (used by most UI apps)
 type gpu_device, dev_type, mlstrustedobject;

public/init.te

diff --git a/public/init.te b/public/init.te
index 770922a..2a8036a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -94,7 +94,6 @@
 allow init tmpfs:dir mounton;
 allow init cgroup:dir create_dir_perms;
 allow init cgroup:file rw_file_perms;
-allow init cpuctl_device:dir { create mounton };
 
 # /config
 allow init configfs:dir mounton;

public/postinstall_dexopt.te

diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8b6d6cc..0ccd168 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -55,5 +55,3 @@
 # Allow otapreopt to use file descriptors from otapreopt_chroot.
 # TODO: Probably we can actually close file descriptors...
 allow postinstall_dexopt otapreopt_chroot:fd use;
-
-allow postinstall_dexopt cpuctl_device:dir search;