Skip to content
Snippets Groups Projects
Commit df2547b9 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Drop unused rules for raw I/O, mknod, and block device access."

parents 7e5b6d0c cdae7deb
No related branches found
No related tags found
No related merge requests found
......@@ -17,10 +17,3 @@ dontaudit kernel self:security setenforce;
# Set checkreqprot by init.rc prior to switching to init domain.
allow kernel self:security setcheckreqprot;
# For operations performed by kernel or init prior to switching to init domain.
## TODO: Investigate whether it is safe to remove these
allow kernel self:capability { sys_rawio mknod };
auditallow kernel self:capability { sys_rawio mknod };
allow kernel dev_type:blk_file rw_file_perms;
auditallow kernel dev_type:blk_file rw_file_perms;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment