Merge "Remove system_server and zygote unlabeled execute access."

commit: f197f8ce4a117e4134204a82d178d8d9ee753d3b [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Feb 28 21:35:15 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Feb 28 21:35:15 2014 +0000
tree: 866103a4215992637722736f6077018492663380
parent: b19a191af6d5cc6567739c0536a9519e16aa45f4 [diff]
parent: 37afd3f6c337a6914de36ec8658593b523f32e3d [diff]
diff --git a/system_server.te b/system_server.te
index 152ece1..f48fd2c 100644
--- a/system_server.te
+++ b/system_server.te

@@ -236,11 +236,6 @@
 # For SELinuxPolicyInstallReceiver
 selinux_manage_policy(system_server)
 
-# For legacy unlabeled userdata on existing devices.
-# See discussion of Unlabeled files in domain.te for more information.
-# This rule is for dalvikcache mmap/mprotect PROT_EXEC.
-allow system_server unlabeled:file execute;
-
 # logd access, system_server inherit logd write socket
 # (urge is to deprecate this long term)
 allow system_server zygote:unix_dgram_socket write;

diff --git a/zygote.te b/zygote.te
index b6a527c..c20072d 100644
--- a/zygote.te
+++ b/zygote.te

@@ -52,8 +52,3 @@
 allow zygote shell_data_file:file { write getattr };
 allow zygote system_server:binder { transfer call };
 allow zygote servicemanager:binder { call };
-
-# For legacy unlabeled userdata on existing devices.
-# See discussion of Unlabeled files in domain.te for more information.
-# This rule is for dalvikcache mmap/mprotect PROT_EXEC.
-allow zygote unlabeled:file execute;
commit	f197f8ce4a117e4134204a82d178d8d9ee753d3b	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Feb 28 21:35:15 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Feb 28 21:35:15 2014 +0000
tree	866103a4215992637722736f6077018492663380
parent	b19a191af6d5cc6567739c0536a9519e16aa45f4 [diff]
parent	37afd3f6c337a6914de36ec8658593b523f32e3d [diff]