remove base app app_data_file execute_no_trans

thestinger · randomhydrosol · commit bddf5f5693e0 · 2021-04-10T03:38:21.000+05:30
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
diff --git a/prebuilts/api/30.0/private/untrusted_base_app_25.te b/prebuilts/api/30.0/private/untrusted_base_app_25.te
@@ -26,12 +26,6 @@ allow untrusted_base_app_25 proc_misc:file r_file_perms;
 # This will go away in a future Android release
 allow untrusted_base_app_25 proc_tty_drivers:file r_file_perms;
 
-# The ability to call exec() on files in the apps home directories
-# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
-# and 28 in untrusted_app_27.te.
-allow untrusted_base_app_25 app_data_file:file execute_no_trans;
-auditallow untrusted_base_app_25 app_data_file:file { execute execute_no_trans };
-
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_base_app_25 dex2oat_exec:file rx_file_perms;
diff --git a/prebuilts/api/30.0/private/untrusted_base_app_27.te b/prebuilts/api/30.0/private/untrusted_base_app_27.te
@@ -15,11 +15,6 @@ untrusted_app_domain(untrusted_base_app_27)
 net_domain(untrusted_base_app_27)
 bluetooth_domain(untrusted_base_app_27)
 
-# The ability to call exec() on files in the apps home directories
-# for targetApi 26, 27, and 28.
-allow untrusted_base_app_27 app_data_file:file execute_no_trans;
-auditallow untrusted_base_app_27 app_data_file:file { execute execute_no_trans };
-
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_base_app_27 dex2oat_exec:file rx_file_perms;
diff --git a/private/untrusted_base_app_25.te b/private/untrusted_base_app_25.te
@@ -26,12 +26,6 @@ allow untrusted_base_app_25 proc_misc:file r_file_perms;
 # This will go away in a future Android release
 allow untrusted_base_app_25 proc_tty_drivers:file r_file_perms;
 
-# The ability to call exec() on files in the apps home directories
-# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
-# and 28 in untrusted_app_27.te.
-allow untrusted_base_app_25 app_data_file:file execute_no_trans;
-auditallow untrusted_base_app_25 app_data_file:file { execute execute_no_trans };
-
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_base_app_25 dex2oat_exec:file rx_file_perms;
diff --git a/private/untrusted_base_app_27.te b/private/untrusted_base_app_27.te
@@ -15,11 +15,6 @@ untrusted_app_domain(untrusted_base_app_27)
 net_domain(untrusted_base_app_27)
 bluetooth_domain(untrusted_base_app_27)
 
-# The ability to call exec() on files in the apps home directories
-# for targetApi 26, 27, and 28.
-allow untrusted_base_app_27 app_data_file:file execute_no_trans;
-auditallow untrusted_base_app_27 app_data_file:file { execute execute_no_trans };
-
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_base_app_27 dex2oat_exec:file rx_file_perms;
