am c6cb6ac4: Merge "isolated_app: remove app_data_file execute"

* commit 'c6cb6ac451b0faf6e9344282a909e910f819a296': isolated_app: remove app_data_file execute
2014-10-02 16:08:33 +00:00 · 2014-10-02 16:08:33 +00:00 · 11488fa322
commit 11488fa322
parent e923f65a80 c6cb6ac451
1 changed files with 0 additions and 6 deletions
--- a/isolated_app.te
+++ b/isolated_app.te
@ -16,12 +16,6 @@ net_domain(isolated_app)
 # Isolated apps shouldn't be able to access the driver directly.
 neverallow isolated_app gpu_device:file { rw_file_perms execute };

-# read and write access to app_data_file is already
-# granted via app.te. Allow execute.
-# Needed to allow dlopen() from Chrome renderer processes.
-# See b/15902433 for details.
-allow isolated_app app_data_file:file execute;
-
 # Audited locally.
 service_manager_local_audit_domain(isolated_app)
 auditallow isolated_app {