Do not allow priv_apps to scan all exec files

Bug: 36463595
Test: sailfish boots without new denials

Change-Id: I4271a293b91ab262dddd4d40220cd7daaff53bf2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit b2586825e1ce92d637754b4c40e4d5edfd50a1a6)
Sandeep Patil 2017-04-13 08:53:45 -07:00
parent 46f9c124b4
commit 0b9432023d


@ -72,9 +72,6 @@ userdebug_or_eng(`
allow priv_app perfprofd_data_file:dir r_dir_perms; allow priv_app perfprofd_data_file:dir r_dir_perms;
') ')
# Allow GMS core to scan executables on the system partition
allow priv_app exec_type:file { getattr read open };
# For AppFuse. # For AppFuse.
allow priv_app vold:fd use; allow priv_app vold:fd use;
allow priv_app fuse_device:chr_file { read write }; allow priv_app fuse_device:chr_file { read write };