From 21b4a9259052c3f311923b2d79c6c2dd79217732 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 25 Jul 2017 11:52:19 -0700
Subject: [PATCH] domain_deprecated: Remove access to /data/app

Logs indicate that all processes that require access already have it.

Bug: 28760354
Test: build
Change-Id: I8533308d0e5f9bf20e542f8435d70ba7755b4938
---
 private/domain_deprecated.te | 28 ----------------------------
 1 file changed, 28 deletions(-)

diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index fc77b11a1..ccb7e855c 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -1,33 +1,5 @@
 # rules removed from the domain attribute
 
-# Read apk files under /data/app.
-allow domain_deprecated apk_data_file:dir { getattr search };
-allow domain_deprecated apk_data_file:file r_file_perms;
-allow domain_deprecated apk_data_file:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:dir { getattr search };
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:file r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:lnk_file r_file_perms;
-')
-
 # Read access to pseudo filesystems.
 r_dir_file(domain_deprecated, proc)
 r_dir_file(domain_deprecated, sysfs)
-- 
GitLab