From 372d0df796389e2f6295a394492585ed64f0ceca Mon Sep 17 00:00:00 2001
From: Brian Carlstrom <bdc@google.com>
Date: Thu, 28 Aug 2014 18:16:35 -0700
Subject: [PATCH] Remove system_server create access from /data/dalvik-cache

Bug: 16875245
Change-Id: I2487a80896a4a923fb1fa606f537df9f6ad4220a
---
 system_app.te    | 3 ---
 system_server.te | 4 ----
 2 files changed, 7 deletions(-)

diff --git a/system_app.te b/system_app.te
index 2a7421b39..9a336f9ce 100644
--- a/system_app.te
+++ b/system_app.te
@@ -24,9 +24,6 @@ auditallow system_app system_data_file:file { create setattr append write link u
 # Read wallpaper file.
 allow system_app wallpaper_file:file r_file_perms;
 
-# Write to dalvikcache.
-allow system_app dalvikcache_data_file:file { write setattr };
-
 # Write to properties
 unix_socket_connect(system_app, property, init)
 allow system_app debug_prop:property_service set;
diff --git a/system_server.te b/system_server.te
index e6167f1d3..99fb9634e 100644
--- a/system_server.te
+++ b/system_server.te
@@ -196,10 +196,6 @@ allow system_server anr_data_file:file create_file_perms;
 allow system_server backup_data_file:dir create_dir_perms;
 allow system_server backup_data_file:file create_file_perms;
 
-# Manage /data/dalvik-cache.
-allow system_server dalvikcache_data_file:dir create_dir_perms;
-allow system_server dalvikcache_data_file:file create_file_perms;
-
 # Read from /data/dalvik-cache/profiles
 allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
 allow system_server dalvikcache_profiles_data_file:file create_file_perms;
-- 
GitLab