From 74a6730767a457ec89729bf2e1108da2aec43913 Mon Sep 17 00:00:00 2001
From: Zimuzo Ezeozue
Date: Wed, 8 Jan 2020 20:54:28 +0000
Subject: [PATCH] Revert "Allow MediaProvider to host FUSE devices."

This reverts commit b56cc6fb1f8c56e5349661eafe77f43d01842fc7.

Reason for revert: Not necessary

Change-Id: I99d7df2435294e78b753149e20377e78c1c60d36
---
 private/app_neverallows.te | 4 ++--
 private/mediaprovider.te | 3 ---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index d496e90f0..be0a59833 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -137,8 +137,8 @@ neverallow { all_untrusted_apps -mediaprovider } {
 ')
 }:dir_file_class_set { create unlink };
 
-# No untrusted component except mediaprovider should be touching /dev/fuse
-neverallow { all_untrusted_apps -mediaprovider } fuse_device:chr_file *;
+# No untrusted component should be touching /dev/fuse
+neverallow all_untrusted_apps fuse_device:chr_file *;
 
 # Do not allow untrusted apps to directly open the tun_device
 neverallow all_untrusted_apps tun_device:chr_file open;
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 692641252..30d3fe0fe 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -34,9 +34,6 @@ allow mediaprovider ringtone_file:file { getattr read write };
 # MtpServer uses /dev/mtp_usb
 allow mediaprovider mtp_device:chr_file rw_file_perms;
 
-# Fuse daemon
-allow mediaprovider fuse_device:chr_file { read write ioctl getattr };
-
 # MtpServer uses /dev/usb-ffs/mtp
 allow mediaprovider functionfs:dir search;
 allow mediaprovider functionfs:file rw_file_perms;
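Review bot: The rewritten comment above the `fuse_device` neverallow in private/app_neverallows.te states the rule but not its consequence. With the `-mediaprovider` exemption gone, no domain in `all_untrusted_apps` can be granted any `chr_file` permission on /dev/fuse, so whatever hosts the FUSE daemon has to run in a domain outside that attribute. The commit message ("Not necessary") does not say where that access now lives, so I would record the constraint next to the rule, e.g. `# No untrusted component should be touching /dev/fuse; a FUSE daemon must run in a domain outside all_untrusted_apps.` Because the rule uses `*` rather than a single permission, it also forbids allow rules for read/write on a descriptor opened by another domain and handed over; that is worth stating so the line is not later narrowed to match the `tun_device` rule below it, which forbids only `open`.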