Remove the dac_override permission.
Instead of getting this, it is better to add the process
to a group or change the permissions of the files it tries to access.
Test: Built the policy.
Change-Id: Ic56ecef58d4459f3b7aed61476b14ad9f1de0849
Merged-In: Ic56ecef58d4459f3b7aed61476b14ad9f1de0849
(cherry picked from commit 3225d2f9396c09b61212478b8b4e06d671f6e046)
(cherry picked from commit 39de26460b022bd394e4b3a3e14276a38147b71e)
diff --git a/shared/sepolicy/vsoc_guest_region_e2e_test.te b/shared/sepolicy/vsoc_guest_region_e2e_test.te
index f1bb7a0..6e16940 100644
--- a/shared/sepolicy/vsoc_guest_region_e2e_test.te
+++ b/shared/sepolicy/vsoc_guest_region_e2e_test.te
@@ -3,7 +3,5 @@
init_daemon_domain(vsoc_guest_region_e2e_test)
-allow vsoc_guest_region_e2e_test self:capability dac_override;
-
# Access region test devices
allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
