From 5dab9134411e7e757d6559f1dbb47726ed19cf27 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Fri, 10 Nov 2017 16:55:32 -0800
Subject: [PATCH] neverallow shell access to 'device' type

Bug: 65643247
Test: builds, the change doesn't affect runtime behavior.

Change-Id: I621a8006db7074f124cb16a12662c768bb31e465
---
 private/domain.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/private/domain.te b/private/domain.te
index c0225643c..6fef27975 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -49,7 +49,6 @@ full_treble_only(`
     coredomain
     -fsck
     -init
-    -shell
     -ueventd
     -vendor_init
   } device:{ blk_file file } no_rw_file_perms;
-- 
GitLab