mediaextractor: remove domain_deprecated attribute

No "granted" messages for the removed permissions observed in three months of log audits. Bug: 28760354 Change-Id: I46b6b79b3a13108020114f3c3555adeac021b0a9

mediaextractor: remove domain_deprecated attribute
8b22f85d · Jeff Vander Stoep · Jeffrey Vander Stoep · 9604ca1d · 8b22f85d · 8b22f85d
Commit 8b22f85d authored 8 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 8 years ago
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -14,7 +14,7 @@ auditallow { domain_deprecated -appdomain -init -sdcardd -surfaceflinger -system

 # Inherit or receive open files from others.
 allow domain_deprecated system_server:fd use;
-auditallow { domain_deprecated -appdomain -mediaextractor -mediaserver -netd -surfaceflinger } system_server:fd use;
+auditallow { domain_deprecated -appdomain -mediaserver -netd -surfaceflinger } system_server:fd use;

 # Connect to adbd and use a socket transferred from it.
 # This is used for e.g. adb backup/restore.
@@ -96,9 +96,9 @@ auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -pr
 auditallow { domain_deprecated -bluetooth -fingerprintd -healthd -init -netd -priv_app -rild -system_app -surfaceflinger -system_server -tee -ueventd -vold -wpa } sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
 auditallow domain_deprecated inotify:dir r_dir_perms;
 auditallow domain_deprecated inotify:{ file lnk_file } r_file_perms;
-auditallow { domain_deprecated -appdomain -drmserver -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -logd -mediaextractor -mediaserver -netd -rild -surfaceflinger -system_server -zygote } cgroup:dir r_dir_perms;
-auditallow { domain_deprecated -appdomain -drmserver -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -logd -mediaextractor -mediaserver -netd -rild -surfaceflinger -system_server -zygote } cgroup:{ file lnk_file } r_file_perms;
-auditallow { domain_deprecated -appdomain -init -logd -mediaextractor -priv_app -surfaceflinger -system_server -vold } proc_meminfo:file r_file_perms;
+auditallow { domain_deprecated -appdomain -drmserver -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -logd -mediaserver -netd -rild -surfaceflinger -system_server -zygote } cgroup:dir r_dir_perms;
+auditallow { domain_deprecated -appdomain -drmserver -fingerprintd -gatekeeperd -healthd -init -inputflinger -installd -keystore -logd -mediaserver -netd -rild -surfaceflinger -system_server -zygote } cgroup:{ file lnk_file } r_file_perms;
+auditallow { domain_deprecated -appdomain -init -logd -priv_app -surfaceflinger -system_server -vold } proc_meminfo:file r_file_perms;
 auditallow { domain_deprecated -appdomain -clatd -init -logd -netd -system_server -vold -wpa -zygote } proc_net:dir { open getattr read ioctl lock }; # search granted in domain
 auditallow { domain_deprecated -appdomain -clatd -init -logd -netd -system_server -vold -wpa -zygote } proc_net:{ file lnk_file } r_file_perms;


--- a/mediaextractor.te
+++ b/mediaextractor.te
 # mediaextractor - multimedia daemon
-type mediaextractor, domain, domain_deprecated;
+type mediaextractor, domain;
 type mediaextractor_exec, exec_type, file_type;

 typeattribute mediaextractor mlstrustedsubject;