Remove unnecessary rules. Redundant with other rules or not required for untrusted app. Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 0141ccd0604deca6f931edf4f7c66b7fc1152851 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Thu Apr 04 11:48:09 2013 -0400
committer: repo sync <gcondra@google.com> Fri Apr 05 13:08:27 2013 -0700
tree: 113a06d34b00edbf0652b23e83afe52f9d072694
parent: 0677cb2ebda66adfabced3390f6c8b40eb06bc33 [diff]
diff --git a/cts.te b/cts.te
index 3371410..11b7698 100644
--- a/cts.te
+++ b/cts.te

@@ -23,20 +23,9 @@
 allow appdomain dev_type:dir_file_class_set getattr;
 allow appdomain fs_type:dir_file_class_set getattr;
 
-# Execute the shell or other system executables.
-allow appdomain shell_exec:file rx_file_perms;
-allow appdomain system_file:file rx_file_perms;
-
-# Accesses to apk_tmp_file and shell_data_file
-allow appdomain apk_tmp_file:file rw_file_perms;
-allow appdomain shell_data_file:file r_file_perms;
-
 # Read permission over link file to devices.
 allow appdomain dev_type:lnk_file read;
 
-# Read routing information.
-allow netdomain self:netlink_route_socket { create read write nlmsg_read };
-
 # Tries to open /dev/alarm for writing but expects failure.
 dontaudit appdomain alarm_device:chr_file write;
commit	0141ccd0604deca6f931edf4f7c66b7fc1152851	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Apr 04 11:48:09 2013 -0400
committer	repo sync <gcondra@google.com>	Fri Apr 05 13:08:27 2013 -0700
tree	113a06d34b00edbf0652b23e83afe52f9d072694
parent	0677cb2ebda66adfabced3390f6c8b40eb06bc33 [diff]