From 09eae90890d4a2545358b8ba104e1f2a46df1408 Mon Sep 17 00:00:00 2001
From: Brian Carlstrom <bdc@google.com>
Date: Thu, 28 Aug 2014 18:16:35 -0700
Subject: [PATCH] Remove system_server create access from /data/dalvik-cache

Bug: 16875245

(cherry picked from commit 372d0df796389e2f6295a394492585ed64f0ceca)

Change-Id: I38fa14226ab94df2029ca60d3c8898f46c1824c7
---
 system_app.te    | 3 ---
 system_server.te | 4 ----
 2 files changed, 7 deletions(-)

diff --git a/system_app.te b/system_app.te
index 5a5888f2f..fcf0f16b9 100644
--- a/system_app.te
+++ b/system_app.te
@@ -24,9 +24,6 @@ auditallow system_app system_data_file:file { create setattr append write link u
 # Read wallpaper file.
 allow system_app wallpaper_file:file r_file_perms;
 
-# Write to dalvikcache.
-allow system_app dalvikcache_data_file:file { write setattr };
-
 # Write to properties
 unix_socket_connect(system_app, property, init)
 allow system_app debug_prop:property_service set;
diff --git a/system_server.te b/system_server.te
index 9d3dfa143..006837834 100644
--- a/system_server.te
+++ b/system_server.te
@@ -197,10 +197,6 @@ allow system_server anr_data_file:file create_file_perms;
 allow system_server backup_data_file:dir create_dir_perms;
 allow system_server backup_data_file:file create_file_perms;
 
-# Manage /data/dalvik-cache.
-allow system_server dalvikcache_data_file:dir create_dir_perms;
-allow system_server dalvikcache_data_file:file create_file_perms;
-
 # Read from /data/dalvik-cache/profiles
 allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
 allow system_server dalvikcache_profiles_data_file:file create_file_perms;
-- 
GitLab