From 2469b32e15b569fabaeca066ce53b65fa0ee8995 Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Wed, 4 Nov 2015 15:08:40 +0000
Subject: [PATCH] Remove handling of dalvik-cache/profiles
Bug: 24698874
Bug: 17173268
Change-Id: I8c502ae6aad3cf3c13fae81722c367f45d70fb18
---
app.te | 4 ----
domain.te | 1 -
file.te | 2 --
file_contexts | 1 -
installd.te | 4 ----
system_server.te | 4 ----
6 files changed, 16 deletions(-)
diff --git a/app.te b/app.te
index 9a00b11b7..0ac69f66f 100644
--- a/app.te
+++ b/app.te
@@ -167,10 +167,6 @@ allow appdomain usbaccessory_device:chr_file { read write getattr };
allow appdomain dalvikcache_data_file:file execute;
allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
-# /data/dalvik-cache/profiles
-allow appdomain dalvikcache_profiles_data_file:dir { search getattr };
-allow appdomain dalvikcache_profiles_data_file:file rw_file_perms;
-
# Allow any app to read shared RELRO files.
allow appdomain shared_relro_file:dir search;
allow appdomain shared_relro_file:file r_file_perms;
diff --git a/domain.te b/domain.te
index 047b23a20..03528a38d 100644
--- a/domain.te
+++ b/domain.te
@@ -297,7 +297,6 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
neverallow { domain -servicemanager } *:binder set_context_mgr;
# Only authorized processes should be writing to files in /data/dalvik-cache
-# (excluding /data/dalvik-cache/profiles, which is labeled differently)
neverallow {
domain
-init # TODO: limit init to relabelfrom for files
diff --git a/file.te b/file.te
index d7b73ed12..1d444dd65 100644
--- a/file.te
+++ b/file.te
@@ -77,8 +77,6 @@ type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
-# /data/dalvik-cache/profiles
-type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type;
# /data/local - writable by shell
diff --git a/file_contexts b/file_contexts
index ffa251898..942b7e6f8 100644
--- a/file_contexts
+++ b/file_contexts
@@ -231,7 +231,6 @@
/data/gps(/.*)? u:object_r:gps_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
-/data/dalvik-cache/profiles(/.*)? u:object_r:dalvikcache_profiles_data_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
diff --git a/installd.te b/installd.te
index a8cb8d459..21cd4f0b3 100644
--- a/installd.te
+++ b/installd.te
@@ -59,10 +59,6 @@ allow installd install_data_file:file create_file_perms;
allow installd dalvikcache_data_file:dir create_dir_perms;
allow installd dalvikcache_data_file:file create_file_perms;
-# Create /data/dalvik-cache/profiles.
-allow installd dalvikcache_profiles_data_file:dir rw_dir_perms;
-allow installd dalvikcache_profiles_data_file:file create_file_perms;
-
# Create files under /data/resource-cache.
allow installd resourcecache_data_file:dir rw_dir_perms;
allow installd resourcecache_data_file:file create_file_perms;
diff --git a/system_server.te b/system_server.te
index 13e3ccf28..15e847dec 100644
--- a/system_server.te
+++ b/system_server.te
@@ -208,10 +208,6 @@ allow system_server anr_data_file:file create_file_perms;
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
-# Read from /data/dalvik-cache/profiles
-allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
-allow system_server dalvikcache_profiles_data_file:file create_file_perms;
-
# Write to /data/system/heapdump
allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:file create_file_perms;
--
GitLab