Merge "dumpstate: remove JIT and /data execute"
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 2c2a62f..b3db3d4 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -8,9 +8,6 @@
# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
allow dumpstate system_file:file lock;
-# TODO: deal with tmpfs_domain pub/priv split properly
-allow dumpstate dumpstate_tmpfs:file execute;
-
# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
diff --git a/public/domain.te b/public/domain.te
index a865bd8..deccae3 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -428,7 +428,6 @@
domain
-appdomain
with_asan(`-asan_extract')
- -dumpstate
-shell
userdebug_or_eng(`-su')
-webview_zygote
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 9187f33..3b246c1 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -137,13 +137,6 @@
# For running am and similar framework commands.
# Run /system/bin/app_process.
allow dumpstate zygote_exec:file rx_file_perms;
-# Dalvik Compiler JIT.
-allow dumpstate ashmem_device:chr_file execute;
-allow dumpstate self:process execmem;
-# For art.
-allow dumpstate dalvikcache_data_file:dir { search getattr };
-allow dumpstate dalvikcache_data_file:file { r_file_perms execute };
-allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
# For Bluetooth
allow dumpstate bluetooth_data_file:dir search;