Merge "Drop unused rules for raw I/O, mknod, and block device access."

commit: df2547b9b5be0de3806a1426c98efb16b9e3c154 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed May 14 21:35:47 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed May 14 21:35:47 2014 +0000
tree: 67a30a6519a673b7e04d7969f952f03e7e410e10
parent: 7e5b6d0ca3a492bb907b71f4657c845b0a75163d [diff]
parent: cdae7debe68bf20521085237b80da9417328841b [diff]
diff --git a/kernel.te b/kernel.te
index c40d08b..0048a62 100644
--- a/kernel.te
+++ b/kernel.te

@@ -17,10 +17,3 @@
 
 # Set checkreqprot by init.rc prior to switching to init domain.
 allow kernel self:security setcheckreqprot;
-
-# For operations performed by kernel or init prior to switching to init domain.
-## TODO: Investigate whether it is safe to remove these
-allow kernel self:capability { sys_rawio mknod };
-auditallow kernel self:capability { sys_rawio mknod };
-allow kernel dev_type:blk_file rw_file_perms;
-auditallow kernel dev_type:blk_file rw_file_perms;
commit	df2547b9b5be0de3806a1426c98efb16b9e3c154	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed May 14 21:35:47 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed May 14 21:35:47 2014 +0000
tree	67a30a6519a673b7e04d7969f952f03e7e410e10
parent	7e5b6d0ca3a492bb907b71f4657c845b0a75163d [diff]
parent	cdae7debe68bf20521085237b80da9417328841b [diff]