Remove sysfs_soc from isolated_app
isolated_apps are strictly limited in the /sys files which can be read.
Remove isolated_app access to a disallowed /sys file.
Test: policy compiles.
Change-Id: I04163253d1c004b714da3fb8b23419c8e802f15e
diff --git a/sepolicy/app.te b/sepolicy/app.te
index 4286547..b099712 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -2,5 +2,5 @@
allowxperm { appdomain -isolated_app } gpu_device:chr_file
ioctl { gpu_ioctls unpriv_tty_ioctls };
-allow appdomain sysfs_soc:dir search;
-allow appdomain sysfs_soc:file r_file_perms;
+allow { appdomain -isolated_app } sysfs_soc:dir search;
+allow { appdomain -isolated_app } sysfs_soc:file r_file_perms;
