Allow all domains to read /dev symlinks.
Change-Id: I448a5553937a98775178b94f289ccb45ae862876
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/cts.te b/cts.te
index bf50d9c..8ae62da 100644
--- a/cts.te
+++ b/cts.te
@@ -23,13 +23,6 @@
allow appdomain dev_type:dir_file_class_set getattr;
allow appdomain fs_type:dir_file_class_set getattr;
-# Accesses to apk_tmp_file and shell_data_file
-allow appdomain apk_tmp_file:file rw_file_perms;
-allow appdomain shell_data_file:file r_file_perms;
-
-# Read permission over link file to devices.
-allow appdomain dev_type:lnk_file read;
-
# Tries to open /dev/alarm for writing but expects failure.
dontaudit appdomain alarm_device:chr_file write;
diff --git a/domain.te b/domain.te
index 1accf5d..42645cf 100644
--- a/domain.te
+++ b/domain.te
@@ -40,6 +40,7 @@
# Device accesses.
allow domain device:dir search;
+allow domain dev_type:lnk_file read;
allow domain devpts:dir search;
allow domain device:file read;
allow domain socket_device:dir search;
diff --git a/rild.te b/rild.te
index e8069bf..690bfab 100644
--- a/rild.te
+++ b/rild.te
@@ -22,7 +22,6 @@
allow rild bluetooth_efs_file:dir r_dir_perms;
allow rild radio_data_file:dir r_dir_perms;
allow rild radio_data_file:file rw_file_perms;
-allow rild radio_device:lnk_file r_file_perms;
allow rild sdcard_type:dir r_dir_perms;
allow rild system_data_file:dir create_dir_perms;
allow rild system_data_file:file create_file_perms;
diff --git a/vold.te b/vold.te
index c1b9055..8ffc404 100644
--- a/vold.te
+++ b/vold.te
@@ -7,7 +7,6 @@
allow vold system_file:file x_file_perms;
allow vold block_device:dir create_dir_perms;
allow vold block_device:blk_file create_file_perms;
-allow vold block_device:lnk_file read;
allow vold devpts:chr_file rw_file_perms;
allow vold rootfs:dir mounton;
allow vold sdcard_type:dir mounton;