From c37856c4d223f798908c5bde46a8aa37d2b6ffbc Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Apr 2013 11:48:09 -0400
Subject: [PATCH] Remove unnecessary rules.

Redundant with other rules or not required for untrusted app.

Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 cts.te | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/cts.te b/cts.te
index 3a414788f..11b769833 100644
--- a/cts.te
+++ b/cts.te
@@ -23,16 +23,9 @@ allow appdomain file_type:dir_file_class_set getattr;
 allow appdomain dev_type:dir_file_class_set getattr;
 allow appdomain fs_type:dir_file_class_set getattr;
 
-# Accesses to apk_tmp_file and shell_data_file
-allow appdomain apk_tmp_file:file rw_file_perms;
-allow appdomain shell_data_file:file r_file_perms;
-
 # Read permission over link file to devices.
 allow appdomain dev_type:lnk_file read;
 
-# Read routing information.
-allow netdomain self:netlink_route_socket { create read write nlmsg_read };
-
 # Tries to open /dev/alarm for writing but expects failure.
 dontaudit appdomain alarm_device:chr_file write;
 
-- 
GitLab