Merge "Remove the last traces of idmap (replaced by idmap2)" am: 850045ae07 am: 4ed1cb5a1e

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2122593 Change-Id: Ie6eab2f168e8587b6a3b7a94e3ce92098a16e3f4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-13 07:58:39 +00:00 · 2022-06-13 07:58:39 +00:00 · 1f3e23185a
commit 1f3e23185a
parent 290546b504 4ed1cb5a1e
2 changed files with 1 additions and 7 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -327,7 +327,6 @@
 /system/bin/blkid       u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
-/system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/idmap2(d)?           u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/profcollectd         u:object_r:profcollectd_exec:s0
--- a/public/idmap.te
+++ b/public/idmap.te
@ -2,15 +2,10 @@
 type idmap, domain;
 type idmap_exec, system_file_type, exec_type, file_type;

-# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
-# Use open file to /data/resource-cache file inherited from installd.
-allow idmap installd:fd use;
+# Allow read + write access to /data/resource-cache
 allow idmap resourcecache_data_file:file create_file_perms;
 allow idmap resourcecache_data_file:dir rw_dir_perms;

-# Ignore reading /proc/<pid>/maps after a fork.
-dontaudit idmap installd:file read;
-
 # Open and read from target and overlay apk files passed by argument.
 allow idmap apk_data_file:file r_file_perms;
 allow idmap apk_data_file:dir search;