authordcashman <dcashman@google.com>2016-02-10 12:26:41 -0800
committerdcashman <dcashman@google.com>2016-02-10 12:26:41 -0800
commit0b80f4dc8aa09817532138ff2d1fbdc98a34a4ac (patch)
tree9dbc45161576156734210905506a55a1c746c162
parent3ec34ceb43b15c30e9c7bf1720ebea24f868d07a (diff)
Remove appdomain sysfs auditallow.
Large numbers of denials have been collected. Remove from logging until further action is taken to address existing denials and remove sysfs access from additional appdomains. Change-Id: Ia7ad6264d85490824089b5074bf9c22303cc864a
-rw-r--r--app.te4
1 files changed, 0 insertions, 4 deletions
diff --git a/app.te b/app.te
index 993c025..19f9b61 100644
--- a/app.te
+++ b/app.te
@@ -226,10 +226,6 @@ allow appdomain runas_exec:file getattr;
selinux_check_access(appdomain)
selinux_check_context(appdomain)
-# appdomain should not be accessing information on /sys
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
-
# Apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device
allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };