If we don't allow isolated_app app_data_file:dir search;, then we don't
actually need to restrict open; you can't use open (or truncate or link
or chmod) on a file by pathname without search access to its parent.
Thanks Stephen. Proposed change in AOSP: https://android-review.googlesource.com/#/c/171182/
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
