From 334e09701e4efe3e8c87721deaba6ba59cd25e42 Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Mon, 20 Oct 2014 10:09:27 +0100
Subject: [PATCH] Revoke zygote's read permission on keychain data

Classes which statically read these files are no longer preloaded.

Bug: 18013422
Change-Id: Iafd127eff2ba95266f49f8d7c70bc9dd11624df4
---
 zygote.te | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/zygote.te b/zygote.te
index 5ee4eb8e9..4c6276c8c 100644
--- a/zygote.te
+++ b/zygote.te
@@ -21,9 +21,6 @@ allow zygote appdomain:process { getpgid setpgid };
 # Read system data.
 allow zygote system_data_file:dir r_dir_perms;
 allow zygote system_data_file:file r_file_perms;
-# Read system security data.
-allow zygote keychain_data_file:dir r_dir_perms;
-allow zygote keychain_data_file:file r_file_perms;
 # Write to /data/dalvik-cache.
 allow zygote dalvikcache_data_file:dir create_dir_perms;
 allow zygote dalvikcache_data_file:file create_file_perms;
-- 
GitLab