From 9410105cc7b9f3b57c0186e2f0e1218e7416759c Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Mon, 22 Oct 2018 14:43:03 -0700
Subject: [PATCH] Neverallow vendor access to system_file.

Bug: 111243627
Test: m selinux_policy
Change-Id: I37d03906b93c8810f1d33af736f19fd6ab241c35
---
 public/domain.te | 2 --
 1 file changed, 2 deletions(-)

diff --git a/public/domain.te b/public/domain.te
index 0244b7a45..b17893bdd 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1063,7 +1063,6 @@ full_treble_only(`
         -vendor_init
     } {
         system_file_type
-        -system_file # TODO(b/111243627): remove once Treble violations are fixed.
         -system_lib_file
         -system_linker_exec
         -crash_dump_exec
@@ -1141,7 +1140,6 @@ full_treble_only(`
     -vendor_init
   } {
     system_file_type
-    -system_file # TODO(b/111243627): remove once Treble violations are fixed.
     -crash_dump_exec
     -file_contexts_file
     -netutils_wrapper_exec
-- 
GitLab