From 5b00f223495ccb87cc8069d819bee6be9b3b99d6 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Sep 2013 11:25:32 -0400
Subject: [PATCH] Remove duplicated rules between appdomain and isolated_app.

r_dir_file(appdomain, isolated_app) was in both app.te and isolated_app.te;
delete it from isolated_app.te.
binder_call(appdomain, isolated_app) is a subset of binder_call(appdomain, appdomain); delete it.

Change-Id: I3fd90ad9c8862a0e4dad957425cbfbc9fa97c63f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te          | 1 -
 isolated_app.te | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/app.te b/app.te
index fd16764aa..65494ec6b 100644
--- a/app.te
+++ b/app.te
@@ -66,7 +66,6 @@ binder_call(appdomain, appdomain)
 
 # Appdomain interaction with isolated apps
 r_dir_file(appdomain, isolated_app)
-binder_call(appdomain, isolated_app)
 
 # Already connected, unnamed sockets being passed over some other IPC
 # hence no sock_file or connectto permission. This appears to be how
diff --git a/isolated_app.te b/isolated_app.te
index 1b33484c5..3b99e37d3 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -13,9 +13,6 @@ type isolated_app, domain;
 permissive isolated_app;
 app_domain(isolated_app)
 
-# Appdomain interaction with isolated apps
-r_dir_file(appdomain, isolated_app)
-
 # Already connected, unnamed sockets being passed over some other IPC
 # hence no sock_file or connectto permission. This appears to be how
 # Chrome works, may need to be updated as more apps using isolated services
-- 
GitLab