From 583270262c5d09a43ca5ee597d269fdf63a865bb Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 7 Jan 2014 08:52:15 -0800
Subject: [PATCH] Revert "Make surfaceflinger domain enforcing."

There are continued complaints about not being able to generate
bug reports and surfaceflinger crashes. Move surfaceflinger
out of enforcing until I can resolve this.

Here are some denials I'm seeing. I'm not sure what binder service is
running in the shell domain... Need to do more digging.

nnk@nnk:~/Downloads$ grep "avc: " screenshot_runtime_restart.txt  | grep surfaceflinger
<5>[    5.182699] type=1400 audit(1389111729.860:9): avc:  denied  { search } for  pid=186 comm="surfaceflinger" name="tmp" dev="mmcblk0p28" ino=627090 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir
<5>[  744.988702] type=1400 audit(1389112469.578:188): avc:  denied  { call } for  pid=596 comm="Binder_3" scontext=u:r:surfaceflinger:s0 tcontext=u:r:shell:s0 tclass=binder

This reverts commit a11c56e1249419d92db70d11b2976bf8962bad5d.

Bug: 12416329
Change-Id: I7b72608c760c4087f73047ad751a5bd069fa2ec7
---
 surfaceflinger.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/surfaceflinger.te b/surfaceflinger.te
index 246f41ccc..e926bc89c 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -1,5 +1,6 @@
 # surfaceflinger - display compositor service
 type surfaceflinger, domain;
+permissive surfaceflinger;
 type surfaceflinger_exec, exec_type, file_type;
 
 init_daemon_domain(surfaceflinger)
-- 
GitLab