From 98a2f7feda8d2951d5495098f9ce72ef63ccac98 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 14 Apr 2015 18:58:26 -0700
Subject: [PATCH] Remove recovery from mknod neverallow rule

This was only used on grouper, which is now EOLd.

Change-Id: Idb65930bb214fdb3339b18fae94ffb3f6ac391c5
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index ffd1704c7..fc7a0357d 100644
--- a/domain.te
+++ b/domain.te
@@ -185,7 +185,7 @@ neverallow {
 } self:capability sys_ptrace;
 
 # Limit device node creation to these whitelisted domains.
-neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
+neverallow { domain -kernel -init -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
 
 # Limit raw I/O to these whitelisted domains.
 neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;
-- 
GitLab