diff options
author | Nick Kralevich <nnk@google.com> | 2014-06-10 18:42:22 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-06-12 14:56:05 -0700 |
commit | 867030517724036b64fcaf39deaba1b27f3ca77e (patch) | |
tree | 10b6090f791115b4013109097570ed7b16bb0655 /installd.te | |
parent | b0ee91a418a899dbd39678711ea65ed60418154e (diff) | |
download | android_external_sepolicy-867030517724036b64fcaf39deaba1b27f3ca77e.tar.gz android_external_sepolicy-867030517724036b64fcaf39deaba1b27f3ca77e.tar.bz2 android_external_sepolicy-867030517724036b64fcaf39deaba1b27f3ca77e.zip |
Remove world-read access to /data/dalvik-cache/profiles
Remove /data/dalvik-cache/profiles from domain. Profiling information
leaks data about how people interact with apps, so we don't want
the data to be available in all SELinux domains.
Add read/write capabilities back to app domains, since apps need to
read/write profiling data.
Remove restorecon specific rules. The directory is now created by
init, not installd, so installd doesn't need to set the label.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
Diffstat (limited to 'installd.te')
-rw-r--r-- | installd.te | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/installd.te b/installd.te index 586f426..eed0343 100644 --- a/installd.te +++ b/installd.te @@ -46,8 +46,6 @@ allow installd dalvikcache_data_file:dir create_dir_perms; allow installd dalvikcache_data_file:file create_file_perms; # Create /data/dalvik-cache/profiles. -allow installd dalvikcache_data_file:dir relabelfrom; -allow installd dalvikcache_profiles_data_file:dir relabelto; allow installd dalvikcache_profiles_data_file:dir rw_dir_perms; allow installd dalvikcache_profiles_data_file:file create_file_perms; |