From bb7ece439ba4d2a2c8b361e893561ab0ddb6f8ac Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Thu, 5 Oct 2017 14:50:17 -0700
Subject: [PATCH] Remove world writable sysfs files
Test: build
Change-Id: I9d18d31a9a65f785cf4bc69f011990e9f8182228
---
 target/board/generic/sepolicy/domain.te | 3 ---
 target/board/generic/sepolicy/file.te | 1 -
 target/board/generic/sepolicy/file_contexts | 1 -
 3 files changed, 5 deletions(-)
 delete mode 100644 target/board/generic/sepolicy/file.te
diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te
index 5d5e4ac36f..3706dbaa09 100644
--- a/target/board/generic/sepolicy/domain.te
+++ b/target/board/generic/sepolicy/domain.te
@@ -1,6 +1,3 @@
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:dir search;
-allow domain sysfs_writable:file rw_file_perms;
 allow domain qemu_device:chr_file rw_file_perms;
 get_prop(domain, qemu_prop)
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
deleted file mode 100644
index f4ae9e43b3..0000000000
--- a/target/board/generic/sepolicy/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index f550f4db2e..a9b1472040 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -15,7 +15,6 @@
 /dev/qemu_.* u:object_r:qemu_device:s0
 /dev/ttyGF[0-9]* u:object_r:serial_device:s0
 /dev/ttyS2 u:object_r:console_device:s0
-/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
 /vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
 /vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
 /vendor/bin/qemu-props u:object_r:qemu_props_exec:s0