isolated_app: remove app_data_file execute
In commit ad891591e6c5d3ffffd2633672c48ab7e263cdec, we allowed
isolated processes to execute files from /data/data/APPNAME.
I'm pretty sure all the necessary linker changes have been made
so that this functionality isn't required anymore. Remove the
allow rule.
This is essentially a revert of ad891591e6c5d3ffffd2633672c48ab7e263cdec.
Change-Id: I1b073916f66f4965dfc53c0ea2b624bbb2fe8816
diff --git a/isolated_app.te b/isolated_app.te
index ae4445a..0629ab3 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -16,12 +16,6 @@
# Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:file { rw_file_perms execute };
-# read and write access to app_data_file is already
-# granted via app.te. Allow execute.
-# Needed to allow dlopen() from Chrome renderer processes.
-# See b/15902433 for details.
-allow isolated_app app_data_file:file execute;
-
# Audited locally.
service_manager_local_audit_domain(isolated_app)
auditallow isolated_app {