Enable selinux read_policy for adb pull.

Remove permission from appdomain. Bug: 16866291 Change-Id: I37936fed33c337e1ab2816258c2aff52700af116

Enable selinux read_policy for adb pull.
309cc668 · dcashman · abfd427a · 309cc668 · 309cc668
Commit 309cc668 authored 10 years ago by dcashman
--- a/adbd.te
+++ b/adbd.te
@@ -68,3 +68,5 @@ allow adbd appdomain:unix_stream_socket connectto;
 # ndk-gdb invokes adb pull of app_process, linker, and libc.so.
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
+
+allow adbd kernel:security read_policy;
--- a/app.te
+++ b/app.te
@@ -170,8 +170,6 @@ allow appdomain runas_exec:file getattr;
 # Check SELinux policy and contexts.
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
-# Enable reading of current selinux policy file
-allow appdomain kernel:security read_policy;
 # Validate that each process is running in the correct security context.
 allow appdomain domain:process getattr;