From 778520650a6b3e9a1ce587da996bf50e6265d8be Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 5 May 2014 14:37:49 -0400
Subject: [PATCH] Remove platform_app shell_data_file:lnk_file read access.

Not sure what denial originally motivated adding this
access, but drop it and see if it resurfaces.  platform_app
is still permissive_or_unconfined() so this should not break
anything.

Change-Id: Ia4418080e3477346fa48d23b4bb5d53396ed5593
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 platform_app.te | 1 -
 1 file changed, 1 deletion(-)

diff --git a/platform_app.te b/platform_app.te
index 6cac4ee30..934a65de8 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -12,7 +12,6 @@ bluetooth_domain(platform_app)
 # Read from /data/local/tmp or /data/data/com.android.shell.
 allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
-allow platform_app shell_data_file:lnk_file read;
 # Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
 # created by system server.
 allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
-- 
GitLab