Stop granting init access to block device properties Although there has been a plan to add code to the init process that requires access to block device properties, that plan has not been realized. Hence stop granting the init process access to block device properties Bug: 202520796 Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd Change-Id: I0ed83bd533a901f85986d15f636c9b3f39fec271 Signed-off-by: Bart Van Assche <bvanassche@google.com>

commit: f20fea50f12100896915184b22bb93033da8564f [log] [tgz]
author: Bart Van Assche <bvanassche@google.com> Tue Oct 12 09:17:14 2021 -0700
committer: Bart Van Assche <bvanassche@google.com> Tue Oct 12 09:20:03 2021 -0700
tree: a6ea003bbb58474445bab5ad92710ee203edacdf
parent: aedd65ac207c8ec310b1f0a7f34bcc74370cf1d6 [diff]
diff --git a/private/init.te b/private/init.te
index 200780d..4312444 100644
--- a/private/init.te
+++ b/private/init.te

@@ -42,12 +42,6 @@
 allow init sysfs_loop:dir r_dir_perms;
 allow init sysfs_loop:file rw_file_perms;
 
-# Allow init to examine the properties of block devices.
-allow init sysfs_block_type:file { getattr read };
-# Allow init access /dev/block
-allow init bdev_type:dir r_dir_perms;
-allow init bdev_type:blk_file getattr;
-
 # Allow init to write to the drop_caches file.
 allow init proc_drop_caches:file rw_file_perms;
commit	f20fea50f12100896915184b22bb93033da8564f	[log] [tgz]
author	Bart Van Assche <bvanassche@google.com>	Tue Oct 12 09:17:14 2021 -0700
committer	Bart Van Assche <bvanassche@google.com>	Tue Oct 12 09:20:03 2021 -0700
tree	a6ea003bbb58474445bab5ad92710ee203edacdf
parent	aedd65ac207c8ec310b1f0a7f34bcc74370cf1d6 [diff]