sepolicy: remove redudant rule for symlinks in /vendor/app All accesses to /vendor/app within platform include permissions to read symlinks in the location. This rule is redundant now. Bug: 36806861 Test: Boot sailfish and find no denials for 'vendor_app_file' Change-Id: Ic17a67521cff6717d83b78bb4ad8e21e772f6d4f Signed-off-by: Sandeep Patil <sspatil@google.com>

commit: f79d1904e85911a8d6e95cca5d988de25a6dfa55 [log] [tgz]
author: Sandeep Patil <sspatil@google.com> Wed Apr 05 18:58:20 2017 -0700
committer: Sandeep Patil <sspatil@google.com> Thu Apr 06 13:28:16 2017 -0700
tree: 3a7ea8f1707908bc92c812b0641eaf25a6417430
parent: df679fdbd9bf5d5828693a72fe6158535689b279 [diff]
diff --git a/public/domain.te b/public/domain.te
index b744206..addf4cf 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -131,11 +131,6 @@
     # through linker/loader.
     allow domain vendor_file:dir { getattr search };
 
-    # Some apps (com.android.phone) need to be able to open
-    # symlinked libraries
-    # TODO: b/36806861
-    allow domain vendor_app_file:lnk_file { open read };
-
     # Allow reading and executing out of /vendor to all vendor domains
     allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
     allow { domain -coredomain } vendor_file_type:file { read open getattr execute };
commit	f79d1904e85911a8d6e95cca5d988de25a6dfa55	[log] [tgz]
author	Sandeep Patil <sspatil@google.com>	Wed Apr 05 18:58:20 2017 -0700
committer	Sandeep Patil <sspatil@google.com>	Thu Apr 06 13:28:16 2017 -0700
tree	3a7ea8f1707908bc92c812b0641eaf25a6417430
parent	df679fdbd9bf5d5828693a72fe6158535689b279 [diff]