Revert "Give Zygote the ability to write app data files." This was a mistaken attempt to fix bug 10498304, but it didn't actually have any impact. Revert. This reverts commit fc2bd01b601b00bf682c313d1e859d86ce030b67. Bug: 10498304

commit: 199fc73f79d429881fa6c8dc39051cfeb4b337ea [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Sep 20 13:03:04 2013 -0700
committer: Nick Kralevich <nnk@google.com> Mon Sep 23 11:29:40 2013 -0700
tree: bfe36b4fb234fee27bfe288e951be3d8e392bbb3
parent: 7aba0bc425a993cf16f87988adeaaa77f805db5e [diff]
diff --git a/zygote.te b/zygote.te
index ddda88c..f974bbe 100644
--- a/zygote.te
+++ b/zygote.te

@@ -11,9 +11,9 @@
 # Switch SELinux context to app domains.
 allow zygote system_server:process dyntransition;
 allow zygote appdomain:process dyntransition;
-# Allow zygote to read + write app data dirs (b/10455872 and b/10498304)
+# Allow zygote to read app data dirs (b/10455872)
 allow zygote appdomain:dir { getattr search };
-allow zygote appdomain:file { r_file_perms write };
+allow zygote appdomain:file { r_file_perms };
 # Move children into the peer process group.
 allow zygote system_server:process { getpgid setpgid };
 allow zygote appdomain:process { getpgid setpgid };
commit	199fc73f79d429881fa6c8dc39051cfeb4b337ea	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Sep 20 13:03:04 2013 -0700
committer	Nick Kralevich <nnk@google.com>	Mon Sep 23 11:29:40 2013 -0700
tree	bfe36b4fb234fee27bfe288e951be3d8e392bbb3
parent	7aba0bc425a993cf16f87988adeaaa77f805db5e [diff]