From 17bec835d5cf1dfd3fa94df3b0da84a1e731e447 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 9 Dec 2013 10:23:16 -0500
Subject: Do not change ownership on /sys/fs/selinux/enforce.

There is no longer any reason to permit system UID to set enforcing mode.

Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 rootdir/init.rc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 109f15b4e..d1822cf96 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -356,9 +356,6 @@ on boot
     chown system system /sys/kernel/ipv4/tcp_rmem_max
     chown root radio /proc/cmdline
 
-# Set these so we can remotely update SELinux policy
-    chown system system /sys/fs/selinux/enforce
-
 # Define TCP buffer sizes for various networks
 #   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
     setprop net.tcp.buffersize.default  4096,87380,110208,4096,16384,110208
-- 
cgit v1.2.3