Remove duplicated rules between appdomain and isolated_app.

r_dir_file(appdomain, isolated_app) was in both app.te and isolated_app.te; delete it from isolated_app.te. binder_call(appdomain, isolated_app) is a subset of binder_call(appdomain, appdomain); delete it. Change-Id: I3fd90ad9c8862a0e4dad957425cbfbc9fa97c63f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Remove duplicated rules between appdomain and isolated_app.
r_dir_file(appdomain, isolated_app) was in both app.te and isolated_app.te; delete it from isolated_app.te. binder_call(appdomain, isolated_app) is a subset of binder_call(appdomain, appdomain); delete it. Change-Id: I3fd90ad9c8862a0e4dad957425cbfbc9fa97c63f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
5b00f223 · Stephen Smalley · a24a991d · 5b00f223 · 5b00f223
Commit 5b00f223 authored 11 years ago by Stephen Smalley
--- a/app.te
+++ b/app.te
@@ -66,7 +66,6 @@ binder_call(appdomain, appdomain)
 # Appdomain interaction with isolated apps
 r_dir_file(appdomain, isolated_app)
-binder_call(appdomain, isolated_app)
 # Already connected, unnamed sockets being passed over some other IPC
 # hence no sock_file or connectto permission. This appears to be how

--- a/isolated_app.te
+++ b/isolated_app.te
@@ -13,9 +13,6 @@ type isolated_app, domain;
 permissive isolated_app;
 app_domain(isolated_app)
-# Appdomain interaction with isolated apps
-r_dir_file(appdomain, isolated_app)
 # Already connected, unnamed sockets being passed over some other IPC
 # hence no sock_file or connectto permission. This appears to be how
 # Chrome works, may need to be updated as more apps using isolated services