Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
diff --git a/ppp.te b/ppp.te
index 85d37a7..3387cde 100644
--- a/ppp.te
+++ b/ppp.te
@@ -4,15 +4,5 @@
type ppp_device, dev_type;
type ppp_exec, exec_type, file_type;
type ppp_system_file, file_type;
-
+unconfined_domain(ppp)
domain_auto_trans(mtp, ppp_exec, ppp)
-
-allow ppp mtp:socket { read write ioctl };
-allow ppp ppp_device:chr_file rw_file_perms;
-allow ppp self:capability net_admin;
-allow ppp self:udp_socket { create ioctl };
-allow ppp ppp_system_file:dir search;
-allow ppp ppp_system_file:file rx_file_perms;
-allow ppp vpn_data_file:dir w_dir_perms;
-allow ppp vpn_data_file:file create_file_perms;
-allow ppp mtp:fd use;