From a16a59e2c7f1e2f09bf7b750101973a974c972e8 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 14 May 2014 14:04:16 -0400
Subject: [PATCH] Remove graphics_device access.

Neither mediaserver nor system_server appear to require
direct access to graphics_device, i.e. the framebuffer
device.  Drop it.

Change-Id: Ie9d1be3f9071584155cddf248ea85e174b7e50a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 mediaserver.te   | 3 +--
 system_server.te | 3 ---
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/mediaserver.te b/mediaserver.te
index 6fdc0803b..439315f83 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -23,8 +23,7 @@ allow mediaserver media_data_file:file create_file_perms;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file rw_file_perms;
 allow mediaserver sdcard_type:file write;
-allow mediaserver { gpu_device graphics_device }:chr_file rw_file_perms;
-auditallow mediaserver graphics_device:chr_file rw_file_perms;
+allow mediaserver gpu_device:chr_file rw_file_perms;
 allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
diff --git a/system_server.te b/system_server.te
index e6fe653e0..81e31fcfc 100644
--- a/system_server.te
+++ b/system_server.te
@@ -150,9 +150,6 @@ allow system_server device:dir r_dir_perms;
 allow system_server mdns_socket:sock_file rw_file_perms;
 allow system_server alarm_device:chr_file rw_file_perms;
 allow system_server gpu_device:chr_file rw_file_perms;
-allow system_server graphics_device:dir search;
-allow system_server graphics_device:chr_file rw_file_perms;
-auditallow system_server graphics_device:chr_file rw_file_perms;
 allow system_server iio_device:chr_file rw_file_perms;
 allow system_server input_device:dir r_dir_perms;
 allow system_server input_device:chr_file rw_file_perms;
-- 
GitLab