From 67e8fcc902dbee0145b3d502ff40b1ca2a8b38ac Mon Sep 17 00:00:00 2001
From: Yan Wang <yawanng@google.com>
Date: Thu, 9 Jan 2020 13:23:01 -0800
Subject: [PATCH] Using macro "rx_file_perms" instead of "execute_no_trans".

Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
---
 public/iorapd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/iorapd.te b/public/iorapd.te
index 531c383d6..4c08c7200 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -37,7 +37,7 @@ allow iorapd self:global_capability_class_set sys_nice;
 unix_socket_connect(iorapd, traced_consumer, traced)
 
 # Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
-allow iorapd system_file:file execute_no_trans;
+allow iorapd system_file:file rx_file_perms;
 
 ###
 ### neverallow rules