domain_deprecated: remove system_file rules

Logs indicate that these rules have already been moved to the domains that need them. Bug: 28760354 Test: build Merged-In: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431 Change-Id: I588a1e7ea7ef984907b79a5a391efb2dcd6e6431

domain_deprecated: remove system_file rules
dbe0f65a · Jeff Vander Stoep · Jeffrey Vander Stoep · 90d2772a · dbe0f65a
Commit dbe0f65a authored 7 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 7 years ago
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
 # rules removed from the domain attribute

-# System file accesses.
-allow domain_deprecated system_file:dir r_dir_perms;
-allow domain_deprecated system_file:file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -fingerprintd
-  -installd
-  -keystore
-  -rild
-  -surfaceflinger
-  -system_server
-  -update_engine
-  -vold
-  -zygote
-} system_file:dir { open read ioctl lock }; # search getattr in domain
-auditallow {
-  domain_deprecated
-  -appdomain
-  -rild
-  -surfaceflinger
-  -system_server
-  -zygote
-} system_file:file { ioctl lock }; # read open getattr in domain
-')
-
 # Read files already opened under /data.
 allow domain_deprecated system_data_file:file { getattr read };
 allow domain_deprecated system_data_file:lnk_file r_file_perms;