From 4367cf2d1e9b62b310a2187408afde0dee54897d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 1 Dec 2015 16:51:47 -0800
Subject: [PATCH] mdnsd: Remove domain_deprecated

Remove domain_deprecated from mdnsd. This removes some unnecessarily
permissive rules from mdnsd.

As part of this, re-allow /proc/net access, which is removed as
a result of removing domain_deprecated.

Bug: 25433265
Change-Id: Ie1cf27179ac2e9170cf4cd418aea3256b9534603
---
 mdnsd.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mdnsd.te b/mdnsd.te
index 43ef26751..a9dc7c565 100644
--- a/mdnsd.te
+++ b/mdnsd.te
@@ -1,6 +1,9 @@
 # mdns daemon
-type mdnsd, domain, domain_deprecated, mlstrustedsubject;
+type mdnsd, domain, mlstrustedsubject;
 type mdnsd_exec, exec_type, file_type;
 
 init_daemon_domain(mdnsd)
 net_domain(mdnsd)
+
+# Read from /proc/net
+r_dir_file(mdnsd, proc_net)
-- 
GitLab