From 97848f0516299b3744183069eeb770f9049fa6d6 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Tue, 4 Apr 2017 17:26:18 -0700
Subject: [PATCH] Remove unnecessary adbd permissions.

Test: adbd_test (with and without adb root)
  Note: one test fails without root with and without this change
        because of an unrelated shell selinux denial.
Test: adb screencap, pull, and verify
Test: Android Studio screenshot
Bug: 36643190
Change-Id: Ib534240bc9bb3a1f32b8865ca66db988902a0f4a
---
 private/adbd.te | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/private/adbd.te b/private/adbd.te
index b402335a2..5fa83e2d3 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -63,15 +63,6 @@ get_prop(adbd, serialno_prop)
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;
 
-# Perform binder IPC to surfaceflinger (screencap)
-# XXX Run screencap in a separate domain?
-binder_use(adbd)
-binder_call(adbd, surfaceflinger)
-# b/13188914
-allow adbd gpu_device:chr_file rw_file_perms;
-allow adbd ion_device:chr_file rw_file_perms;
-r_dir_file(adbd, system_file)
-
 # Needed for various screenshots
 hal_client_domain(adbd, hal_graphics_allocator)
 
-- 
GitLab