commit dbe0f65a84eae134bfa83950fc4cbd750276d23d
author Jeff Vander Stoep <jeffv@google.com> Tue Jul 11 21:36:02 2017 -0700
committer Jeffrey Vander Stoep <jeffv@google.com> Wed Jul 12 15:40:22 2017 +0000
tree 21ec3179707f731175d4663121c627fe4061853c
parent 90d2772a65588bdc40192c4e52186ab156948efc

domain_deprecated: remove system_file rules

Logs indicate that these rules have already been moved to the
domains that need them.

Bug: 28760354
Test: build
Merged-In: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431
Change-Id: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431

public/domain_deprecated.te

diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index e2c600e..5c8c07e 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -1,32 +1,5 @@
 # rules removed from the domain attribute
 
-# System file accesses.
-allow domain_deprecated system_file:dir r_dir_perms;
-allow domain_deprecated system_file:file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -fingerprintd
-  -installd
-  -keystore
-  -rild
-  -surfaceflinger
-  -system_server
-  -update_engine
-  -vold
-  -zygote
-} system_file:dir { open read ioctl lock }; # search getattr in domain
-auditallow {
-  domain_deprecated
-  -appdomain
-  -rild
-  -surfaceflinger
-  -system_server
-  -zygote
-} system_file:file { ioctl lock }; # read open getattr in domain
-')
-
 # Read files already opened under /data.
 allow domain_deprecated system_data_file:file { getattr read };
 allow domain_deprecated system_data_file:lnk_file r_file_perms;