domain_deprecated: remove tmpfs dir access am: ca5bb337 am: 453f4a51 am: 407e9457

am: 8b0f89e4 Change-Id: I6a75dc96a8e5994f22a8776a413d8a6a01da4fdd

domain_deprecated: remove tmpfs dir access am: ca5bb337 am: 453f4a51 am: 407e9457
c0c982a5 · Jeff Vander Stoep · android-build-merger · 0f0d5c00 · 8b0f89e4 · c0c982a5
Commit c0c982a5 authored 7 years ago by Jeff Vander Stoep Committed by android-build-merger 7 years ago
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
 # rules removed from the domain attribute

-# Search /storage/emulated tmpfs mount.
-allow { domain_deprecated -installd } tmpfs:dir r_dir_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -installd
-  -recovery
-  -sdcardd
-  -surfaceflinger
-  -system_server
-  -vold
-  -zygote
-} tmpfs:dir r_dir_perms;
-')
-
 # Root fs.
 allow domain_deprecated rootfs:dir r_dir_perms;
 allow domain_deprecated rootfs:file r_file_perms;

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -84,7 +84,7 @@ allow dumpstate sysfs_usb:file w_file_perms;
 allow dumpstate qtaguid_proc:file r_file_perms;
 allow dumpstate debugfs:file r_file_perms;
 # df for /storage/emulated needs search
-allow dumpstate { storage_file block_device }:dir { search getattr };
+allow dumpstate { block_device storage_file tmpfs }:dir { search getattr };
 allow dumpstate fuse_device:chr_file getattr;
 allow dumpstate { dm_device cache_block_device }:blk_file getattr;