Make all domains unconfined. This prevents denials from being generated by the base policy. Over time, these rules will be incrementally tightened to improve security. Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

commit: 77d4731e9d30c8971e076e2469d6957619019921 [log] [tgz]
author: repo sync <gcondra@google.com> Fri May 17 17:11:29 2013 -0700
committer: repo sync <gcondra@google.com> Mon May 20 11:08:05 2013 -0700
tree: a09ca764a3474bfaf20c0aafee0bf3a907d382fe
parent: 42cabf341c8a600a218023ec69b3518e3d3d482c [diff] [blame]
diff --git a/sdcardd.te b/sdcardd.te
index 3e556c3..32e686c 100644
--- a/sdcardd.te
+++ b/sdcardd.te

@@ -3,11 +3,4 @@
 type sdcardd_exec, exec_type, file_type;
 
 init_daemon_domain(sdcardd)
-
-allow sdcardd cgroup:dir create_dir_perms;
-allow sdcardd fuse_device:chr_file rw_file_perms;
-allow sdcardd rootfs:dir mounton;
-allow sdcardd sdcard_type:filesystem mount;
-allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
-allow sdcardd system_data_file:dir  create_dir_perms;
-allow sdcardd system_data_file:file create_file_perms;
+unconfined_domain(sdcardd)
commit	77d4731e9d30c8971e076e2469d6957619019921	[log] [tgz]
author	repo sync <gcondra@google.com>	Fri May 17 17:11:29 2013 -0700
committer	repo sync <gcondra@google.com>	Mon May 20 11:08:05 2013 -0700
tree	a09ca764a3474bfaf20c0aafee0bf3a907d382fe
parent	42cabf341c8a600a218023ec69b3518e3d3d482c [diff] [blame]