From dc37ea73932f8d1c401695366284b4e8869e2127 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 7 Jan 2016 12:56:54 -0800
Subject: [PATCH] Remove cache_recovery_file symlink read

auditallow shows no hits.

Change-Id: I5ae33d34cd4bfa48f4384926fcafd84bec60e899
---
 domain_deprecated.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/domain_deprecated.te b/domain_deprecated.te
index 36f8d993d..5bc8bda8a 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -51,12 +51,11 @@ allow domain_deprecated dalvikcache_data_file:file r_file_perms;
 # Read already opened /cache files.
 allow domain_deprecated { cache_file cache_recovery_file }:dir r_dir_perms;
 allow domain_deprecated { cache_file cache_recovery_file }:file { getattr read };
-allow domain_deprecated { cache_file cache_recovery_file }:lnk_file r_file_perms;
+allow domain_deprecated cache_file:lnk_file r_file_perms;
 
 # Likely not needed. auditallow to be sure
 auditallow { domain_deprecated -init -system_server -dumpstate -install_recovery -platform_app -priv_app -uncrypt -recovery } cache_recovery_file:dir r_dir_perms;
 auditallow { domain_deprecated -init -system_server -dumpstate -install_recovery -platform_app -priv_app -uncrypt -recovery } cache_recovery_file:file { getattr read };
-auditallow domain_deprecated cache_recovery_file:lnk_file r_file_perms;
 
 # For /acct/uid/*/tasks.
 allow domain_deprecated cgroup:dir { search write };
-- 
GitLab