From 29326eda65b121fe0edbbae43bc463af17aaed9b Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 3 May 2013 11:09:15 -0400
Subject: [PATCH] Drop domain write access to sysfs for the emulator.

3.4 goldfish kernel supports sysfs labeling so we no longer need this.

Change-Id: I77514a8f3102ac8be957c57d95e7de7d5901f69d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 domain.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/domain.te b/domain.te
index 7c9e7a668..3db35d7c5 100644
--- a/domain.te
+++ b/domain.te
@@ -103,9 +103,8 @@ allow domain ion_device:chr_file rw_file_perms;
 # For /sys/qemu_trace files in the emulator.
 bool in_qemu false;
 if (in_qemu) {
-allow domain sysfs:file rw_file_perms;
-}
 allow domain sysfs_writable:file rw_file_perms;
+}
 
 # Read access to pseudo filesystems.
 r_dir_file(domain, proc)
-- 
GitLab