commit 21b4a9259052c3f311923b2d79c6c2dd79217732
author Jeff Vander Stoep <jeffv@google.com> Tue Jul 25 11:52:19 2017 -0700
committer Jeff Vander Stoep <jeffv@google.com> Tue Jul 25 11:52:19 2017 -0700
tree 6e3f67607c1b3bf3af66a97e623515779d99f6ff
parent 6775ee152f1154e1610cb91c3b85036cff43fee8

domain_deprecated: Remove access to /data/app

Logs indicate that all processes that require access already have it.

Bug: 28760354
Test: build
Change-Id: I8533308d0e5f9bf20e542f8435d70ba7755b4938

private/domain_deprecated.te

diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index fc77b11..ccb7e85 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -1,33 +1,5 @@
 # rules removed from the domain attribute
 
-# Read apk files under /data/app.
-allow domain_deprecated apk_data_file:dir { getattr search };
-allow domain_deprecated apk_data_file:file r_file_perms;
-allow domain_deprecated apk_data_file:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:dir { getattr search };
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:file r_file_perms;
-auditallow {
-  domain_deprecated
-  -appdomain
-  -dex2oat
-  -installd
-  -system_server
-} apk_data_file:lnk_file r_file_perms;
-')
-
 # Read access to pseudo filesystems.
 r_dir_file(domain_deprecated, proc)
 r_dir_file(domain_deprecated, sysfs)