From 93727ae6d7afb4da5d3c43b38530b001b8b5c4a3 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 6 Sep 2018 13:58:26 -0700
Subject: [PATCH] tombstoned: clean up TODO on anr writes

audit logs indicate that "append" is still used, but not write.

From ToT master:
avc: granted { append } for comm="tombstoned" scontext=u:r:tombstoned:s0
tcontext=u:object_r:anr_data_file:s0 tclass=file

Bug: 32064548
Test: build
Change-Id: Id05853a8ae38b84deed4d8bcca5a72c64ce7fd7e
---
 public/tombstoned.te | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/public/tombstoned.te b/public/tombstoned.te
index 0e585b662..9c75c976a 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -11,12 +11,7 @@ allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
 allow tombstoned tombstone_data_file:file { create_file_perms link };
 
-# TODO: Remove append / write permissions. They were temporarily
-# granted due to a bug which appears to have been fixed.
-allow tombstoned anr_data_file:file { append write };
-auditallow tombstoned anr_data_file:file { append write };
-
 # Changes for the new stack dumping mechanism. Each trace goes into a
 # separate file, and these files are managed by tombstoned.
 allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { create getattr open link unlink };
+allow tombstoned anr_data_file:file { append create getattr open link unlink };
-- 
GitLab