From 681a687a6032e060742cf57b8e1f9d122fd5afca Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 8 May 2014 08:38:54 -0400
Subject: [PATCH] Drop appdomain unlabeled file execute.

Should no longer be required due to restorecon_recursive of /data
by init.rc (covers /data/dalvik-cache and /data/app-lib) and due to
restorecon_recursive of /data/data by installd (covers /data/data
directories).

Change-Id: Icb217c0735852db7cca8583e381264ef8cd8839c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/app.te b/app.te
index fb2fb6dd9..ecdea85ea 100644
--- a/app.te
+++ b/app.te
@@ -132,11 +132,6 @@ allow appdomain dalvikcache_data_file:file execute;
 # /data/dalvik-cache/profiles
 allow appdomain dalvikcache_profiles_data_file:file write;
 
-# For legacy unlabeled userdata on existing devices.
-# See discussion of Unlabeled files in domain.te for more information.
-allow appdomain unlabeled:file x_file_perms;
-auditallow appdomain unlabeled:file x_file_perms;
-
 ###
 ### CTS-specific rules
 ###
-- 
GitLab