From 2f40a17a42d19b6d92944c78c1d6a9c9517a725b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 4 Sep 2013 16:12:33 -0700
Subject: [PATCH] Revert "Add the ability to write shell files to the
 untrusted_app domain."

At this point, we still don't understand the root cause of
bug 10290009, or if it's even a real bug.  Rollback
29d0d40668e686adc91cdfbf0d083e71ed82bac6 so we can get a device
in this state and figure out the root cause of this problem.

This reverts commit 29d0d40668e686adc91cdfbf0d083e71ed82bac6.

Bug: 10290009
---
 untrusted_app.te | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/untrusted_app.te b/untrusted_app.te
index b112636ff..c91543ed8 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -44,8 +44,5 @@ allow untrusted_app devpts:chr_file rw_file_perms;
 # running "adb install foo.apk".
 # TODO: Long term, we don't want apps probing into shell data files.
 # Figure out a way to remove these rules.
-# XXX Adding writing to shell_data_file to fix 10290009; this needs a real fix,
-# as allowing apps to write shell data files is a significant possible security
-# vuln
-allow untrusted_app shell_data_file:file rw_file_perms;
+allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
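Review bot: The restored `r_file_perms` rule on the new side has no pointer to bug 10290009, and the revert also deletes the only in-file remark that write access to shell data files is a security concern. Anyone who hits the same failure later has nothing in the policy warning them off re-adding `rw_file_perms`. I would add a comment above the rule, for example `# Write access was tried for bug 10290009 and reverted; do not grant rw_file_perms here without a root cause.` The comment block this would extend starts above the hunk, so its opening lines are not visible here.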
-- 
GitLab