From c727d6d40e7e514889c3eef6d82f394f9892f149 Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Wed, 10 Jan 2018 09:09:00 -0800 Subject: [PATCH] bootanim: remove access to vendor_file type This domain should instead depend on same_process_hal_file, to which all domains already have access. Bug: 70990973 Test: emulator -gpu guest; boots with no denials from bootanim. Change-Id: Ic577dd3c3895f8471d68a0da245d37a17cd6a3f3
---
target/board/generic/sepolicy/bootanim.te | 1 - 1 file changed, 1 deletion(-)
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index b23e1ca751..e4f7c734af 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -3,7 +3,6 @@ allow bootanim ashmem_device:chr_file execute; #TODO: This can safely be ignored until b/62954877 is fixed dontaudit bootanim system_data_file:dir read; -allow bootanim vendor_file:file { execute getattr open read }; allow bootanim graphics_device:chr_file { read ioctl open }; set_prop(bootanim, qemu_prop)