From 1a6184baf3e01bf7786fb14de4216bcb4e3b2f70 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 27 May 2014 16:51:11 -0700
Subject: [PATCH] Remove dmesg_restrict

dmesg_restrict is too coarse of a control. In Android's case,
we want to allow the shell user to see dmesg output, but disallow
others from seeing it.

Rather than rely on dmesg_restrict, use SELinux to control access
to dmesg instead. See corresponding change in external/sepolicy .

Bug: 10020939
Change-Id: I9d4bbbd41cb02b707cdfee79f826a39c1ec2f177
---
 rootdir/init.rc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index ed756e09c..2585353dd 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -98,7 +98,6 @@ loglevel 3
     write /proc/sys/kernel/sched_child_runs_first 0
     write /proc/sys/kernel/randomize_va_space 2
     write /proc/sys/kernel/kptr_restrict 2
-    write /proc/sys/kernel/dmesg_restrict 1
     write /proc/sys/vm/mmap_min_addr 32768
     write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
     write /proc/sys/net/unix/max_dgram_qlen 300