Skip to content
Snippets Groups Projects
Commit 2469b32e authored by Calin Juravle's avatar Calin Juravle
Browse files

Remove handling of dalvik-cache/profiles

Bug: 24698874
Bug: 17173268
Change-Id: I8c502ae6aad3cf3c13fae81722c367f45d70fb18
parent 5c57e7c2
No related branches found
No related tags found
No related merge requests found
...@@ -167,10 +167,6 @@ allow appdomain usbaccessory_device:chr_file { read write getattr }; ...@@ -167,10 +167,6 @@ allow appdomain usbaccessory_device:chr_file { read write getattr };
allow appdomain dalvikcache_data_file:file execute; allow appdomain dalvikcache_data_file:file execute;
allow appdomain dalvikcache_data_file:lnk_file r_file_perms; allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
# /data/dalvik-cache/profiles
allow appdomain dalvikcache_profiles_data_file:dir { search getattr };
allow appdomain dalvikcache_profiles_data_file:file rw_file_perms;
# Allow any app to read shared RELRO files. # Allow any app to read shared RELRO files.
allow appdomain shared_relro_file:dir search; allow appdomain shared_relro_file:dir search;
allow appdomain shared_relro_file:file r_file_perms; allow appdomain shared_relro_file:file r_file_perms;
......
...@@ -297,7 +297,6 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file ...@@ -297,7 +297,6 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
neverallow { domain -servicemanager } *:binder set_context_mgr; neverallow { domain -servicemanager } *:binder set_context_mgr;
# Only authorized processes should be writing to files in /data/dalvik-cache # Only authorized processes should be writing to files in /data/dalvik-cache
# (excluding /data/dalvik-cache/profiles, which is labeled differently)
neverallow { neverallow {
domain domain
-init # TODO: limit init to relabelfrom for files -init # TODO: limit init to relabelfrom for files
......
...@@ -77,8 +77,6 @@ type apk_private_data_file, file_type, data_file_type; ...@@ -77,8 +77,6 @@ type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject; type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache # /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type; type dalvikcache_data_file, file_type, data_file_type;
# /data/dalvik-cache/profiles
type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject;
# /data/resource-cache # /data/resource-cache
type resourcecache_data_file, file_type, data_file_type; type resourcecache_data_file, file_type, data_file_type;
# /data/local - writable by shell # /data/local - writable by shell
......
...@@ -231,7 +231,6 @@ ...@@ -231,7 +231,6 @@
/data/gps(/.*)? u:object_r:gps_data_file:s0 /data/gps(/.*)? u:object_r:gps_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0 /data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0 /data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
/data/dalvik-cache/profiles(/.*)? u:object_r:dalvikcache_profiles_data_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0 /data/adb(/.*)? u:object_r:adb_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0 /data/anr(/.*)? u:object_r:anr_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0 /data/app(/.*)? u:object_r:apk_data_file:s0
......
...@@ -59,10 +59,6 @@ allow installd install_data_file:file create_file_perms; ...@@ -59,10 +59,6 @@ allow installd install_data_file:file create_file_perms;
allow installd dalvikcache_data_file:dir create_dir_perms; allow installd dalvikcache_data_file:dir create_dir_perms;
allow installd dalvikcache_data_file:file create_file_perms; allow installd dalvikcache_data_file:file create_file_perms;
# Create /data/dalvik-cache/profiles.
allow installd dalvikcache_profiles_data_file:dir rw_dir_perms;
allow installd dalvikcache_profiles_data_file:file create_file_perms;
# Create files under /data/resource-cache. # Create files under /data/resource-cache.
allow installd resourcecache_data_file:dir rw_dir_perms; allow installd resourcecache_data_file:dir rw_dir_perms;
allow installd resourcecache_data_file:file create_file_perms; allow installd resourcecache_data_file:file create_file_perms;
......
...@@ -208,10 +208,6 @@ allow system_server anr_data_file:file create_file_perms; ...@@ -208,10 +208,6 @@ allow system_server anr_data_file:file create_file_perms;
allow system_server backup_data_file:dir create_dir_perms; allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms; allow system_server backup_data_file:file create_file_perms;
# Read from /data/dalvik-cache/profiles
allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
allow system_server dalvikcache_profiles_data_file:file create_file_perms;
# Write to /data/system/heapdump # Write to /data/system/heapdump
allow system_server heapdump_data_file:dir rw_dir_perms; allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:file create_file_perms; allow system_server heapdump_data_file:file create_file_perms;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment