domain_deprecated: remove rootfs rules

Observed audited access to rootfs moved to individual domains in commit a12aad45 Bug: 28760354 Test: build Change-Id: Ie5e991d66668e70df69f21334032be6d574bf5c8

domain_deprecated: remove rootfs rules
90d2772a · Jeff Vander Stoep · c501c345 · 90d2772a
Commit 90d2772a authored 7 years ago by Jeff Vander Stoep
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
 # rules removed from the domain attribute

-# Root fs.
-allow domain_deprecated rootfs:dir r_dir_perms;
-allow domain_deprecated rootfs:file r_file_perms;
-allow domain_deprecated rootfs:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -fsck
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
-  domain_deprecated
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:file r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -healthd
-  -installd
-  -recovery
-  -servicemanager
-  -system_server
-  -ueventd
-  -uncrypt
-  -vold
-  -zygote
-} rootfs:lnk_file { getattr open ioctl lock }; # read granted in domain
-')
-
 # System file accesses.
 allow domain_deprecated system_file:dir r_dir_perms;
 allow domain_deprecated system_file:file r_file_perms;