Remove appdomain sysfs auditallow.
Large numbers of denials have been collected. Remove from logging until
further action is taken to address existing denials and remove sysfs
access from additional appdomains.
Change-Id: Ia7ad6264d85490824089b5074bf9c22303cc864a
diff --git a/app.te b/app.te
index 993c025..19f9b61 100644
--- a/app.te
+++ b/app.te
@@ -226,10 +226,6 @@
selinux_check_access(appdomain)
selinux_check_context(appdomain)
-# appdomain should not be accessing information on /sys
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
-auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
-
# Apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device
allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
