From 3308342f718663a01edb0a5502390d52cab9ebe3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Date: Fri, 24 Jan 2020 05:24:06 -0800
Subject: netd does not require and should not have SYS_ADMIN nor module
 loading privs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Any required functionally should be built into the kernel.

Test: NA
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ide42a95a36707a2fec3b641cbdcacfbc44a16d3d
(cherry picked from commit c3199dc0cdc1a658fce75d11694c21fd990948a9)
---
 sepolicy/netd.te | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 sepolicy/netd.te

diff --git a/sepolicy/netd.te b/sepolicy/netd.te
deleted file mode 100644
index a4af5c0..0000000
--- a/sepolicy/netd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow netd kernel:system { module_request };
-allow netd self:capability { sys_admin sys_module };
-- 
cgit v1.2.3