Remove domain_deprecated from isolated_app

Address denials: avc: denied { read } for name="meminfo" dev="proc" ino=4026544360 scontext=u:r:isolated_app:s0:c512,c768 tcontext=u:object_r:proc_meminfo:s0 tclass=file permissive=0 Bug: 28722489 Change-Id: I3c55bd95bb82ec54e88e9e9bc42d6392a216a936
2016-05-12 13:22:37 -07:00 · 2016-05-12 13:22:37 -07:00 · 0b430aba22
commit 0b430aba22
parent 68339ac337
3 changed files with 4 additions and 4 deletions
--- a/app.te
+++ b/app.te
@ -205,6 +205,9 @@ allow appdomain console_device:chr_file { read write };

 allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;

+# TODO: switch to meminfo service
+allow appdomain proc_meminfo:file r_file_perms;
+
 # For app fuse.
 allow appdomain app_fuse_file:file { getattr read append write };

--- a/isolated_app.te
+++ b/isolated_app.te
@ -9,7 +9,7 @@
 ### additional following rules:
 ###

-type isolated_app, domain, domain_deprecated;
+type isolated_app, domain;
 app_domain(isolated_app)

 # Access already open app data files received over Binder or local socket IPC.
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -84,9 +84,6 @@ userdebug_or_eng(`
 # gdbserver for ndk-gdb ptrace attaches to app process.
 allow untrusted_app self:process ptrace;

-# TODO: switch to meminfo service
-allow untrusted_app proc_meminfo:file r_file_perms;
-
 # access /proc/net/xt_qtguid/stats
 r_dir_file(untrusted_app, proc_net)