Fixup neverallow rule When we removed /data/dalvik-cache execute permission for system_server (b/37214733, b/31780877), I forgot to fixup this neverallow rule. Fix rule. Test: policy compiles. Change-Id: I38b821a662e0d8304b8390a69a6d9e923211c31e

commit: 2ec15e5b279f3eeda795f7edd348e5a7d7ff518e [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Oct 20 13:27:26 2017 -0700
committer: Nick Kralevich <nnk@google.com> Fri Oct 20 13:27:26 2017 -0700
tree: 61cbee0094653a8a1b56f5bfe290d1812a086318
parent: 714ee5f293042986791ce653900a3eb308e6788a [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 44b3b0c..3510686 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -758,11 +758,8 @@
 neverallow system_server dex2oat_exec:file no_x_file_perms;
 
 # system_server should never execute or load executable shared libraries
-# in /data except for /data/dalvik-cache files.
-neverallow system_server {
-  data_file_type
-  -dalvikcache_data_file #mapping with PROT_EXEC
-}:file no_x_file_perms;
+# in /data
+neverallow system_server data_file_type:file no_x_file_perms;
 
 # The only block device system_server should be accessing is
 # the frp_block_device. This helps avoid a system_server to root
commit	2ec15e5b279f3eeda795f7edd348e5a7d7ff518e	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Oct 20 13:27:26 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Oct 20 13:27:26 2017 -0700
tree	61cbee0094653a8a1b56f5bfe290d1812a086318
parent	714ee5f293042986791ce653900a3eb308e6788a [diff]