From 199fc73f79d429881fa6c8dc39051cfeb4b337ea Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 20 Sep 2013 13:03:04 -0700
Subject: [PATCH] Revert "Give Zygote the ability to write app data files."

This was a mistaken attempt to fix bug 10498304, but it didn't
actually have any impact. Revert.

This reverts commit fc2bd01b601b00bf682c313d1e859d86ce030b67.

Bug: 10498304
---
 zygote.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zygote.te b/zygote.te
index ddda88c8d..f974bbe27 100644
--- a/zygote.te
+++ b/zygote.te
@@ -11,9 +11,9 @@ allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system_server:process dyntransition;
 allow zygote appdomain:process dyntransition;
-# Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
+# Allow zygote to read app data dirs (b/10455872)
 allow zygote appdomain:dir { getattr search };
-allow zygote appdomain:file { r_file_perms write };
+allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system_server:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
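Review bot: The restored comment above the `appdomain:dir` and `appdomain:file` rules says "app data dirs", but the target is `appdomain`, which the neighbouring `appdomain:process` rules use for the app process domains. Dir and file objects carrying a domain label are normally the processes' /proc/<pid> entries rather than their data directories, which would also explain why adding `write` had no effect on the bug; this is inferred from the visible rules and should be confirmed against the type definitions. I would reword the comment to `# Allow zygote to read app /proc/<pid> entries (b/10455872)`, so nobody later widens this rule expecting it to govern app data files; those would need a rule on the data file type instead. The braces around the lone macro are also redundant, so the rule can be written as `allow zygote appdomain:file r_file_perms;`.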
-- 
GitLab