storaged.te: Remove redundant permission.

All SELinux domains are already granted the ability to read the filenames in /proc, so it's unnecessary to add it to storaged.te. $ grep "proc:dir r_dir_perms" public/domain.te allow domain proc:dir r_dir_perms; Remove redundant rule. Test: policy compiles. Change-Id: I8779cda19176f7eb914778f131bb5b14e5b14448
2017-01-06 18:53:12 -08:00 · 2017-01-06 18:53:12 -08:00 · 1a022cbbe7
commit 1a022cbbe7
parent 110588797d
1 changed files with 0 additions and 1 deletions
--- a/private/storaged.te
+++ b/private/storaged.te
@ -8,7 +8,6 @@ init_daemon_domain(storaged)
 allow storaged kmsg_device:chr_file { write append };

 # Read access to pseudo filesystems
-allow storaged proc:dir r_dir_perms;
 r_dir_file(storaged, sysfs_type)
 r_dir_file(storaged, proc_net)
 r_dir_file(storaged, domain)