From 3e5bb807fc5b1571e6af6a2a35d7534bfd4562a8 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Sun, 9 Jul 2017 16:29:21 -0700
Subject: [PATCH] domain_deprecated: remove access to /proc/meminfo

Logs indicate that all processes that require access already have it.

Bug: 28760354
Test: build
Merged-In: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
Change-Id: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
---
 public/domain_deprecated.te | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index e5feb9aab..3c296ccfd 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -154,7 +154,6 @@ auditallow {
 r_dir_file(domain_deprecated, proc)
 r_dir_file(domain_deprecated, sysfs)
 r_dir_file(domain_deprecated, cgroup)
-allow domain_deprecated proc_meminfo:file r_file_perms;
 
 userdebug_or_eng(`
 auditallow {
@@ -245,11 +244,4 @@ auditallow {
   -system_server
   -zygote
 } cgroup:{ file lnk_file } r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -surfaceflinger
-  -system_server
-  -vold
-} proc_meminfo:file r_file_perms;
 ')
-- 
GitLab