From 9ca13651c2811583fdef53afb38538b2dfe6a33d Mon Sep 17 00:00:00 2001
From: Juju Sung
Date: Sat, 18 Jan 2020 10:08:09 +0800
Subject: [PATCH] [ALPS04239425] Sepolicy: remove neverallow rule [Detail] app_zygote.te violated by allow app_zygote aee_aed:unix_stream_socket { connectto }; domain.te violated by allow aee_aedv debugfs:lnk_file { read }; We remove two policy to prevent build break. MTK-Commit-Id: 7035ebb6f8308dc756848a173bb2a412d421f9b3 Test: Build only Change-Id: I6b228a38d5953e2ceaa41c4193d2bf6c14bee581 CR-Id: ALPS04239425 Feature:Android Exception Engine(AEE)
---
 non_plat/aee_aedv.te | 2 +-
 non_plat/domain.te | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 61fd020..707e0c5 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
@@ -131,7 +131,7 @@ allow aee_aedv crash_dump:file r_file_perms;
 allow aee_aedv vendor_file:file execute_no_trans;
 # Purpose: debugfs files
-allow aee_aedv debugfs:lnk_file read;
+# allow aee_aedv debugfs:lnk_file read;
 allow aee_aedv debugfs_binder:dir { read open };
 allow aee_aedv debugfs_binder:file { read open };
 allow aee_aedv debugfs_blockio:file { read open };
diff --git a/non_plat/domain.te b/non_plat/domain.te
index 3f509d7..14ceb2d 100644
--- a/non_plat/domain.te
+++ b/non_plat/domain.te
@@ -30,9 +30,9 @@ allow coredomain vendor_file:lnk_file { getattr read };
 # Date:20170630
 # Purpose: allow trusted process to connect aee daemon
-allow {
- coredomain
- -untrusted_app_all
-} aee_aed:unix_stream_socket connectto;
+#allow {
+# coredomain
+# -untrusted_app_all
+#} aee_aed:unix_stream_socket connectto;
 allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto;
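Review bot: The debugfs rule in non_plat/aee_aedv.te is disabled by commenting it out, which leaves `# allow aee_aedv debugfs:lnk_file read;` under `# Purpose: debugfs files` with nothing saying why it is off; the commented-out `allow { coredomain -untrusted_app_all }` block in non_plat/domain.te has the same problem. Dead policy lines are easy to uncomment later, which would bring the neverallow violation back. Either delete the line or keep a reason beside it, for example `# Removed: conflicts with a neverallow on debugfs (ALPS04239425)`. Because the change was tested by build only, it would also be worth confirming on a device that aee_aedv logs no new `avc: denied { read }` for debugfs symlinks.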
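Review bot: In non_plat/domain.te the commented-out block drops `connectto` on the aee_aed socket for every coredomain, while the commit message names only app_zygote as the domain that trips the neverallow. That is the tighter choice, but it is a runtime behaviour change that a build-only test does not cover. If particular core domains still need to reach the aee daemon, they should each be granted it in their own .te file rather than through a coredomain-wide rule. The `# Date:20170630` / `# Purpose: allow trusted process to connect aee daemon` header now reads as if it described the following `aee_aedv` rule, so it should be removed with the block or reworded.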