Remove cache_recovery_file symlink read

auditallow shows no hits. Change-Id: I5ae33d34cd4bfa48f4384926fcafd84bec60e899

Remove cache_recovery_file symlink read
auditallow shows no hits. Change-Id: I5ae33d34cd4bfa48f4384926fcafd84bec60e899
dc37ea73 · Nick Kralevich · ea0da785 · dc37ea73
Commit dc37ea73 authored 9 years ago by Nick Kralevich
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -51,12 +51,11 @@ allow domain_deprecated dalvikcache_data_file:file r_file_perms;
 # Read already opened /cache files.
 allow domain_deprecated { cache_file cache_recovery_file }:dir r_dir_perms;
 allow domain_deprecated { cache_file cache_recovery_file }:file { getattr read };
-allow domain_deprecated { cache_file cache_recovery_file }:lnk_file r_file_perms;
+allow domain_deprecated cache_file:lnk_file r_file_perms;

 # Likely not needed. auditallow to be sure
 auditallow { domain_deprecated -init -system_server -dumpstate -install_recovery -platform_app -priv_app -uncrypt -recovery } cache_recovery_file:dir r_dir_perms;
 auditallow { domain_deprecated -init -system_server -dumpstate -install_recovery -platform_app -priv_app -uncrypt -recovery } cache_recovery_file:file { getattr read };
-auditallow domain_deprecated cache_recovery_file:lnk_file r_file_perms;

 # For /acct/uid/*/tasks.
 allow domain_deprecated cgroup:dir { search write };