commit 0bfa7b53850cbe451a7f00bebe6da6869f0685c8
author Nick Kralevich <nnk@google.com> Fri Oct 26 13:11:52 2018 -0700
committer Nick Kralevich <nnk@google.com> Fri Oct 26 13:25:51 2018 -0700
tree 6a44425f56bec28583dd54106fa5192ce803daa9
parent 3eae9de2e8658a03f89db4cff747d5a67a2bf8b7

Switch to r_file_perms

The current rule is missing mmap. r_file_perm implicitly adds mmap, so
we should just use that instead.

Test: policy compiles.
Change-Id: I4051d1eb4c36a2b6ff2b5f26ce53355287cbe2b4

private/untrusted_app_all.te

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 32eec26..54d278e 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -108,7 +108,7 @@
 # TODO (b/37784178) Consider creating  a special type for /vendor/app installed
 # apps.
 allow untrusted_app_all vendor_app_file:dir { open getattr read search };
-allow untrusted_app_all vendor_app_file:file { open getattr read execute };
+allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
 allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
 
 # Write app-specific trace data to the Perfetto traced damon. This requires