From d1a8f0dcb47fce763ecd446a3ba20514bd98a430 Mon Sep 17 00:00:00 2001
From: Ashwini Oruganti
Date: Thu, 9 Jan 2020 13:02:38 -0800
Subject: [PATCH] priv_app: Remove rules for storaged

We added an auditallow for these permissions on 11/26/2019, and have not seen any recent logs for this in go/sedenials. No other priv-app should rely on this now that gmscore is running in its own domain.

Bug: 142672293
Test: TH
Change-Id: I2a59cac8041646b548ba1a73fcd5fddabb4d1429
---
 private/priv_app.te | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/private/priv_app.te b/private/priv_app.te
index f68586aa2..877bf8e51 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -122,18 +122,6 @@ userdebug_or_eng(`
 # access the mac address
 allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR;
 
-# Allow GMS core to communicate with dumpsys storaged.
-binder_call(priv_app, storaged)
-allow priv_app storaged_service:service_manager find;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app storaged:binder { call transfer };
- auditallow storaged priv_app:binder transfer;
- auditallow priv_app storaged:fd use;
- auditallow priv_app storaged_service:service_manager find;
-')
-
-
 # Allow GMS core to access system_update_service (e.g. to publish pending
 # system update info).
 allow priv_app system_update_service:service_manager find;