sepolicy: fix comments around 'domain' access to search in /vendor

Effectively removes TODOs and finalizes the initial solution to allow all domains access to 'vendor_file'. Bug: 36681074 Test: Build and boot sailfish (no policy changes in the CL) Change-Id: I50c05e20175c5273b34901809d967dd3e48bdb0e Signed-off-by: Sandeep Patil <sspatil@google.com>

sepolicy: fix comments around 'domain' access to search in /vendor
Effectively removes TODOs and finalizes the initial solution to allow all domains access to 'vendor_file'. Bug: 36681074 Test: Build and boot sailfish (no policy changes in the CL) Change-Id: I50c05e20175c5273b34901809d967dd3e48bdb0e Signed-off-by: Sandeep Patil <sspatil@google.com>
54189c53 · Sandeep Patil · f79d1904 · 54189c53
Commit 54189c53 authored 7 years ago by Sandeep Patil
--- a/public/domain.te
+++ b/public/domain.te
@@ -123,12 +123,9 @@ allow domain same_process_hal_file:file { execute read open getattr };
 allow domain vendor_configs_file:dir r_dir_perms;
 allow domain vendor_configs_file:file { read open getattr };
-# TODO: (b/36681074) - Remove after this is resolved
-# TODO: (b/36680116, b/36656392, b/36681210) All need directory
-# lookup to find / open their libraries
 full_treble_only(`
-    # Everyone needs to lookup libraries in /vendor/lib(64)
+    # This is required "most likely" for LD_LIBRARY_PATH
-    # through linker/loader.
+    # (b/36681074)
    allow domain vendor_file:dir { getattr search };
    # Allow reading and executing out of /vendor to all vendor domains