From f247dcba467020eabfd6b057b5f126f7395b2d3d Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Tue, 23 Aug 2016 13:58:58 -0700
Subject: [PATCH] Allow apps to read keychain_data_file links

Bug: 28746284
Change-Id: I59aa235ecba05e22aaa531e387a77f47267ac9ae
---
 app.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app.te b/app.te
index 27e6055e0..21fdc8ad5 100644
--- a/app.te
+++ b/app.te
@@ -75,8 +75,7 @@ allow { appdomain -isolated_app } app_data_file:notdevfile_class_set create_file
 allow appdomain mnt_expand_file:dir r_dir_perms;
 
 # Keychain and user-trusted credentials
-allow appdomain keychain_data_file:dir r_dir_perms;
-allow appdomain keychain_data_file:file r_file_perms;
+r_dir_file(appdomain, keychain_data_file)
 allow appdomain misc_user_data_file:dir r_dir_perms;
 allow appdomain misc_user_data_file:file r_file_perms;
 
-- 
GitLab