From 2bfb59df61ff6e755d70f6316572996853d17446 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 9 May 2013 09:08:25 -0700
Subject: [PATCH] Remove sys_boot

sys_boot is not needed for adb as of system/core commit
ca8e66a8b0f843812014a28d49208f9f6f64ecbc

sys_boot is not needed for system server as of frameworks/base
commit dbcf2d7482562eff45ac727cea799b37a260e399

Change-Id: I61379ea858e05acd239c9b16e4e2bf454af3f51c
---
 adbd.te   | 2 +-
 system.te | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/adbd.te b/adbd.te
index c565bd75e..bbca4d933 100644
--- a/adbd.te
+++ b/adbd.te
@@ -3,7 +3,7 @@
 type adbd, domain, mlstrustedsubject;
 allow adbd adb_device:chr_file rw_file_perms;
 allow adbd qemu_device:chr_file rw_file_perms;
-allow adbd self:capability { net_raw setgid setuid dac_override sys_boot sys_admin };
+allow adbd self:capability { net_raw setgid setuid dac_override sys_admin };
 allow adbd rootfs:file { r_file_perms entrypoint };
 allow adbd init:process sigchld;
 allow adbd self:tcp_socket *;
diff --git a/system.te b/system.te
index 66a7afc4e..4d963c4c1 100644
--- a/system.te
+++ b/system.te
@@ -48,7 +48,7 @@ bluetooth_domain(system)
 # These are the capabilities assigned by the zygote to the
 # system server.
 # XXX See if we can remove some of these.
-allow system self:capability { kill net_bind_service net_broadcast net_admin net_raw sys_module sys_boot sys_nice sys_resource sys_time sys_tty_config };
+allow system self:capability { kill net_bind_service net_broadcast net_admin net_raw sys_module sys_nice sys_resource sys_time sys_tty_config };
 
 # Triggered by /proc/pid accesses, not allowed.
 dontaudit system self:capability sys_ptrace;
-- 
GitLab