From 07e7348921816cf4f02006016c06d07156c2bd51 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 28 Feb 2015 03:55:15 -0800
Subject: [PATCH] init: drop read_policy permission

As of https://android-review.googlesource.com/127858,
open(O_RDONLY) is no longer used for chmod, so it is no
longer necessary to allow init to read the SELinux policy.

Change-Id: I691dd220827a01a8d7a9955b62f8aca50eb25447
---
 init.te | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/init.te b/init.te
index 7f8ae5439..564e55751 100644
--- a/init.te
+++ b/init.te
@@ -115,9 +115,6 @@ allow init kernel:security load_policy;
 allow init kernel:system syslog_mod;
 allow init self:capability2 syslog;
 
-# Triggered by chmod 0444 /sys/fs/selinux/policy.
-allow init kernel:security read_policy;
-
 # Set usermodehelpers and /proc security settings.
 allow init usermodehelper:file rw_file_perms;
 allow init proc_security:file rw_file_perms;
-- 
GitLab