Revert "sepolicy: fix support for lmkd"

This reverts commit 527f64e66a.

Change-Id: Ibc48af53431a8f7c7211999dcb571f492fb5ddb4

private/file_contexts

@@ -79,7 +79,6 @@
 /dev/cam		u:object_r:camera_device:s0
 /dev/console		u:object_r:console_device:s0
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)?        u:object_r:memcg_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0

public/device.te

@@ -21,7 +21,6 @@ type rtc_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
 type cpuctl_device, dev_type;
-type memcg_device, dev_type;
 type fscklogs, dev_type;
 type full_device, dev_type;
 # GPU (used by most UI apps)

public/domain.te

@@ -226,9 +226,6 @@ with_asan(`allow domain system_data_file:dir getattr;')
 ### neverallow rules
 ###
 
-# Don't allow others to access memcg.
-neverallow { domain -init -lmkd userdebug_or_eng(`-domain') } memcg_device:dir_file_class_set *;
-
 # All socket ioctls must be restricted to a whitelist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 

public/init.te

@@ -77,7 +77,6 @@ allow init tmpfs:dir mounton;
 allow init cgroup:dir create_dir_perms;
 r_dir_file(init, cgroup)
 allow init cpuctl_device:dir { create mounton };
-allow init memcg_device:dir { create mounton };
 
 # /config
 allow init configfs:dir mounton;

public/lmkd.te

@@ -21,9 +21,6 @@ allow lmkd system_server:file write;
 r_dir_file(lmkd, sysfs_type)
 allow lmkd sysfs_lowmemorykiller:file w_file_perms;
 
-allow lmkd memcg_device:dir search;
-allow lmkd memcg_device:file rw_file_perms;
-
 # Send kill signals
 allow lmkd appdomain:process sigkill;
 
@@ -35,8 +32,6 @@ allow lmkd self:capability sys_nice;
 
 allow lmkd proc_zoneinfo:file r_file_perms;
 
-r_dir_file(lmkd, cgroup)
-
 ### neverallow rules
 
 # never honor LD_PRELOAD