sepolicy: fix comments around 'domain' access to search in /vendor Effectively removes TODOs and finalizes the initial solution to allow all domains access to 'vendor_file'. Bug: 36681074 Test: Build and boot sailfish (no policy changes in the CL) Change-Id: I50c05e20175c5273b34901809d967dd3e48bdb0e Signed-off-by: Sandeep Patil <sspatil@google.com>

commit: 54189c5321a0e2e51468ffb9a415c190f98be69c [log] [tgz]
author: Sandeep Patil <sspatil@google.com> Wed Apr 05 20:10:14 2017 -0700
committer: Sandeep Patil <sspatil@google.com> Thu Apr 06 13:28:16 2017 -0700
tree: 7f392549b36c3b7176b97651b59da9cada22fc25
parent: f79d1904e85911a8d6e95cca5d988de25a6dfa55 [diff]
diff --git a/public/domain.te b/public/domain.te
index addf4cf..f16d277 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -123,12 +123,9 @@
 allow domain vendor_configs_file:dir r_dir_perms;
 allow domain vendor_configs_file:file { read open getattr };
 
-# TODO: (b/36681074) - Remove after this is resolved
-# TODO: (b/36680116, b/36656392, b/36681210) All need directory
-# lookup to find / open their libraries
 full_treble_only(`
-    # Everyone needs to lookup libraries in /vendor/lib(64)
-    # through linker/loader.
+    # This is required "most likely" for LD_LIBRARY_PATH
+    # (b/36681074)
     allow domain vendor_file:dir { getattr search };
 
     # Allow reading and executing out of /vendor to all vendor domains
commit	54189c5321a0e2e51468ffb9a415c190f98be69c	[log] [tgz]
author	Sandeep Patil <sspatil@google.com>	Wed Apr 05 20:10:14 2017 -0700
committer	Sandeep Patil <sspatil@google.com>	Thu Apr 06 13:28:16 2017 -0700
tree	7f392549b36c3b7176b97651b59da9cada22fc25
parent	f79d1904e85911a8d6e95cca5d988de25a6dfa55 [diff]