am 11ba399f: am e64e8b7f: am 1f065398: Merge "Remove zygote write access to system_data_file."

* commit '11ba399f': Remove zygote write access to system_data_file.

am 11ba399f: am e64e8b7f: am 1f065398: Merge "Remove zygote write access to system_data_file."
3471aa13 · Nick Kralevich · Android Git Automerger · c1cc62c5 · 11ba399f · 3471aa13
Commit 3471aa13 authored 11 years ago by Nick Kralevich Committed by Android Git Automerger 11 years ago
--- a/zygote.te
+++ b/zygote.te
@@ -17,11 +17,10 @@ allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system_server:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
-# Write to system data.
-allow zygote system_data_file:dir rw_dir_perms;
-allow zygote system_data_file:file create_file_perms;
-auditallow zygote system_data_file:dir { write add_name remove_name };
-auditallow zygote system_data_file:file { create setattr write append link unlink rename };
+# Read system data.
+allow zygote system_data_file:dir r_dir_perms;
+allow zygote system_data_file:file r_file_perms;
+# Write to /data/dalvik-cache.
 allow zygote dalvikcache_data_file:dir create_dir_perms;
 allow zygote dalvikcache_data_file:file create_file_perms;
 # For art.