Stephen Smalley committed c17d30a

Delete dalvikcache_data_file write/setattr access from shell.

This showed up at some point in the past during our own
internal CTS testing but it seems wrong based on the DAC
permissions and a potential way to inject code into apps
from the shell. Drop it for now and see if it shows up again.
This predates userdebug/eng vs user shell split so possibly
it only happens in the userdebug/eng case.

Change-Id: If8b1e7817f8efecbf68a0ba5fd06328a23a6c6db
Signed-off-by: Stephen Smalley <>

Comments (0)

Files changed (1)

 allow shelldomain zygote_exec:file rx_file_perms;
 r_dir_file(shelldomain, apk_data_file)
-allow shelldomain dalvikcache_data_file:file { write setattr };
 # Set properties.
 unix_socket_connect(shelldomain, property, init)