From 10c69455c062edd373cac2fc0d31dfaa5f2e270a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Thu, 5 Oct 2017 15:38:40 -0700
Subject: [PATCH] Remove world writable sysfs files
Test: build
Change-Id: I8c4b705726af8629413c5563c2cdba07d9815661
Merged-In: I9d18d31a9a65f785cf4bc69f011990e9f8182228
---
 target/board/generic/sepolicy/domain.te | 3 ---
 target/board/generic/sepolicy/file.te | 1 -
 target/board/generic/sepolicy/file_contexts | 1 -
 3 files changed, 5 deletions(-)
diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te
index 5d5e4ac36f..3706dbaa09 100644
--- a/target/board/generic/sepolicy/domain.te
+++ b/target/board/generic/sepolicy/domain.te
@@ -1,6 +1,3 @@
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:dir search;
-allow domain sysfs_writable:file rw_file_perms;
 allow domain qemu_device:chr_file rw_file_perms;
 get_prop(domain, qemu_prop)
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
index 9227f8018a..6fad80acbe 100644
--- a/target/board/generic/sepolicy/file.te
+++ b/target/board/generic/sepolicy/file.te
@@ -1,2 +1 @@
 type qemud_socket, file_type;
-type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index d1a1e8cefc..d86a63b0e8 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -15,7 +15,6 @@
 /dev/ttyGF[0-9]* u:object_r:serial_device:s0
 /dev/ttyS2 u:object_r:console_device:s0
 /system/bin/qemud u:object_r:qemud_exec:s0
-/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
 /system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
 /system/vendor/bin/init.ranchu-core.sh u:object_r:goldfish_setup_exec:s0
 /system/vendor/bin/init.ranchu-net.sh u:object_r:goldfish_setup_exec:s0