From 13c69b891e9728c7efcdef25b08f05c81598cfbf Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 15 Nov 2017 20:15:22 -0800
Subject: [PATCH] Remove unused permissions from tee

Only getattr and read are necessary for lnk_file. Open violates a new
neverallow for separating system and vendor data.

Bug: 34980020
Test: Enroll fingerprint on Taimen
Change-Id: I9434afbd5b4ecc1ead9f0ba47c7582fb5a6c6bf0
---
 vendor/tee.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vendor/tee.te b/vendor/tee.te
index 348d71587..7eb2430d7 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -14,4 +14,4 @@ allow tee ion_device:chr_file r_file_perms;
 r_dir_file(tee, sysfs_type)
 
 allow tee system_data_file:file { getattr read };
-allow tee system_data_file:lnk_file r_file_perms;
+allow tee system_data_file:lnk_file { getattr read };
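Review bot: The narrowed rule `allow tee system_data_file:lnk_file { getattr read };` carries no comment recording why the set stops at getattr and read, so a later cleanup could fold it back into `r_file_perms` and reintroduce the `open` that the commit message says violates the system/vendor data-separation neverallow. I would add a line above it such as `# getattr/read only: open trips the system/vendor data separation neverallow; do not widen to r_file_perms`. The same comment would cover the neighbouring `system_data_file:file` rule in the context lines, which uses the same permission set. The hunk does not show which symlink tee resolves; naming it in the comment would make it easier to move this access to a vendor-owned type later and drop the `system_data_file` grants altogether.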
-- 
GitLab