From 8aef51e71e5a419fed01f6c78f8bc76b2a78e11a Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Wed, 18 Jan 2017 15:27:27 -0800
Subject: [PATCH] Removing setprop permissions from rild.

There were some auditallow rules left around in rild.te that had logs
showing nothing was triggering them. Thus the rules they were auditing
could be removed, as that's clear indication there's no use for them.
Having rules around that aren't being used does nothing except increase
attack surface and bloat sepolicy, and so should always be removed if
possible.

Test: The device boots
Change-Id: I906ffc493807fbae90593548d478643cda4864eb
---
 public/rild.te | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/public/rild.te b/public/rild.te
index 398167601..4d9cb2111 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -28,10 +28,6 @@ allow rild system_file:file x_file_perms;
 
 # property service
 set_prop(rild, radio_prop)
-set_prop(rild, net_radio_prop)
-set_prop(rild, system_radio_prop)
-auditallow rild net_radio_prop:property_service set;
-auditallow rild system_radio_prop:property_service set;
 
 allow rild tty_device:chr_file rw_file_perms;
 
-- 
GitLab