From ff2bf403c6ebd7f8ff2b70bd936b9fcb59039e62 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 29 Mar 2016 09:20:41 -0700
Subject: [PATCH] drop install_recovery cache_recovery_file rules

The auditallow for install_recovery accessing cache_recovery_files
hasn't triggered, so drop the rules as they don't appear to be
used.

Change-Id: I74bb152b6c829612594c647674907e16783fa477
---
 install_recovery.te | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/install_recovery.te b/install_recovery.te
index 1c47236ea..b11ff7497 100644
--- a/install_recovery.te
+++ b/install_recovery.te
@@ -21,11 +21,8 @@ allow install_recovery boot_block_device:blk_file r_file_perms;
 allow install_recovery recovery_block_device:blk_file rw_file_perms;
 
 # Create and delete /cache/saved.file
-allow install_recovery { cache_file cache_recovery_file }:dir rw_dir_perms;
-allow install_recovery { cache_file cache_recovery_file }:file create_file_perms;
-
-auditallow install_recovery cache_recovery_file:dir rw_dir_perms;
-auditallow install_recovery cache_recovery_file:file create_file_perms;
+allow install_recovery cache_file:dir rw_dir_perms;
+allow install_recovery cache_file:file create_file_perms;
 
 # Write to /proc/sys/vm/drop_caches
 allow install_recovery proc_drop_caches:file w_file_perms;
-- 
GitLab