From 2ea12cd34581f9490e8deacbceff66c7f75bb070 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Thu, 16 Nov 2017 17:17:15 -0800
Subject: [PATCH] mediaserver: remove access to 'sysfs' type.

Bug: 65643247
Test: cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
No denials from mediaserver domain to sysfs type are observed.
Change-Id: Icb5c12f04af213452d82e226993fe13085c5c33f
---
 private/domain.te     | 1 -
 public/mediaserver.te | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/private/domain.te b/private/domain.te
index 4015cf93b..66fb64024 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -40,7 +40,6 @@ full_treble_only(`
     -dumpstate
     -healthd
     -init
-    -mediaserver
     -priv_app
     -storaged
     -system_app
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 6efaf0fdf..f0c94edc0 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -39,9 +39,6 @@ allow mediaserver video_device:chr_file rw_file_perms;
 
 set_prop(mediaserver, audio_prop)
 
-# XXX Label with a specific type?
-allow mediaserver sysfs:file r_file_perms;
-
 # Read resources from open apk files passed over Binder.
 allow mediaserver apk_data_file:file { read getattr };
 allow mediaserver asec_apk_file:file { read getattr };
-- 
GitLab