sepolicy: remove redudant rule for symlinks in /vendor/app

All accesses to /vendor/app within platform include permissions to read symlinks in the location. This rule is redundant now. Bug: 36806861 Test: Boot sailfish and find no denials for 'vendor_app_file' Change-Id: Ic17a67521cff6717d83b78bb4ad8e21e772f6d4f Signed-off-by: Sandeep Patil <sspatil@google.com>

sepolicy: remove redudant rule for symlinks in /vendor/app
All accesses to /vendor/app within platform include permissions to read symlinks in the location. This rule is redundant now. Bug: 36806861 Test: Boot sailfish and find no denials for 'vendor_app_file' Change-Id: Ic17a67521cff6717d83b78bb4ad8e21e772f6d4f Signed-off-by: Sandeep Patil <sspatil@google.com>
f79d1904 · Sandeep Patil · df679fdb · f79d1904
Commit f79d1904 authored 7 years ago by Sandeep Patil
--- a/public/domain.te
+++ b/public/domain.te
@@ -131,11 +131,6 @@ full_treble_only(`
    # through linker/loader.
    allow domain vendor_file:dir { getattr search };

-    # Some apps (com.android.phone) need to be able to open
-    # symlinked libraries
-    # TODO: b/36806861
-    allow domain vendor_app_file:lnk_file { open read };
-
    # Allow reading and executing out of /vendor to all vendor domains
    allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
    allow { domain -coredomain } vendor_file_type:file { read open getattr execute };