tombstoned: clean up TODO on anr writes
audit logs indicate that "append" is still used, but not write.
From ToT master:
avc: granted { append } for comm="tombstoned" scontext=u:r:tombstoned:s0
tcontext=u:object_r:anr_data_file:s0 tclass=file
Bug: 32064548
Test: build
Change-Id: Id05853a8ae38b84deed4d8bcca5a72c64ce7fd7e
diff --git a/public/tombstoned.te b/public/tombstoned.te
index 0e585b6..9c75c97 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -11,12 +11,7 @@
allow tombstoned tombstone_data_file:dir rw_dir_perms;
allow tombstoned tombstone_data_file:file { create_file_perms link };
-# TODO: Remove append / write permissions. They were temporarily
-# granted due to a bug which appears to have been fixed.
-allow tombstoned anr_data_file:file { append write };
-auditallow tombstoned anr_data_file:file { append write };
-
# Changes for the new stack dumping mechanism. Each trace goes into a
# separate file, and these files are managed by tombstoned.
allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { create getattr open link unlink };
+allow tombstoned anr_data_file:file { append create getattr open link unlink };