Merge "Fixup neverallow rule"

am: 917cf072 Change-Id: Ifa8e92e90810eaae408254c949aa86411730e8d2

Merge "Fixup neverallow rule"
am: 917cf072 Change-Id: Ifa8e92e90810eaae408254c949aa86411730e8d2
88b23b42 · Nick Kralevich · android-build-merger · 98f18214 · 917cf072 · 88b23b42
Commit 88b23b42 authored 7 years ago by Nick Kralevich Committed by android-build-merger 7 years ago
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -758,11 +758,8 @@ neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock
 neverallow system_server dex2oat_exec:file no_x_file_perms;

 # system_server should never execute or load executable shared libraries
-# in /data except for /data/dalvik-cache files.
-neverallow system_server {
-  data_file_type
-  -dalvikcache_data_file #mapping with PROT_EXEC
-}:file no_x_file_perms;
+# in /data
+neverallow system_server data_file_type:file no_x_file_perms;

 # The only block device system_server should be accessing is
 # the frp_block_device. This helps avoid a system_server to root