app: remove permission to execute gpu_device

Not actually needed as demonstrated by the auditallow rule. Change-Id: Ia92c82ec237ab3490a1d51fa3371778e43e09504

app: remove permission to execute gpu_device
1911c27f · Jeff Vander Stoep · Jeffrey Vander Stoep · dc37ea73 · 1911c27f
Commit 1911c27f authored 9 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 9 years ago
--- a/app.te
+++ b/app.te
@@ -123,8 +123,7 @@ allow appdomain qtaguid_device:chr_file r_file_perms;

 # Grant GPU access to all processes started by Zygote.
 # They need that to render the standard UI.
-allow { appdomain -isolated_app } gpu_device:chr_file { rw_file_perms execute };
-auditallow { appdomain -isolated_app } gpu_device:chr_file execute;
+allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;

 # Use the Binder.
 binder_use(appdomain)