From 54189c5321a0e2e51468ffb9a415c190f98be69c Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Wed, 5 Apr 2017 20:10:14 -0700
Subject: [PATCH] sepolicy: fix comments around 'domain' access to search in
 /vendor

Effectively removes TODOs and finalizes the initial solution to allow
all domains access to 'vendor_file'.

Bug: 36681074
Test: Build and boot sailfish (no policy changes in the CL)

Change-Id: I50c05e20175c5273b34901809d967dd3e48bdb0e
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
 public/domain.te | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/public/domain.te b/public/domain.te
index addf4cf35..f16d2771e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -123,12 +123,9 @@ allow domain same_process_hal_file:file { execute read open getattr };
 allow domain vendor_configs_file:dir r_dir_perms;
 allow domain vendor_configs_file:file { read open getattr };
 
-# TODO: (b/36681074) - Remove after this is resolved
-# TODO: (b/36680116, b/36656392, b/36681210) All need directory
-# lookup to find / open their libraries
 full_treble_only(`
-    # Everyone needs to lookup libraries in /vendor/lib(64)
-    # through linker/loader.
+    # This is required "most likely" for LD_LIBRARY_PATH
+    # (b/36681074)
     allow domain vendor_file:dir { getattr search };
 
     # Allow reading and executing out of /vendor to all vendor domains
-- 
GitLab