Merge "Remove mounton from app and web zygote" into main am: a8f2bbf7c2 am: 0980c27aef Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2947925 Change-Id: Icf2c6a6729f47ffc7ccad78f390856e6b98e398d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 724aa0f1bc2f057ed889f2977b46d90dc44bf39b [log] [tgz]
author: Nate Myren <ntmyren@google.com> Mon Feb 12 21:59:40 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Feb 12 21:59:40 2024 +0000
tree: 867db3f284cb9bf66c84123715278307c4e5653c
parent: 0f8cd9e152ed04336a3b1a284035883dbbead5a5 [diff]
parent: 0980c27aef4fddf78555bb9dec53c70c4fa852a4 [diff]
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 46cea8e..e3869cd 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te

@@ -34,8 +34,6 @@
 # Interaction between the app_zygote and its children.
 allow app_zygote isolated_app:process setpgid;
 
-allow app_zygote properties_device:dir mounton;
-
 # TODO (b/63631799) fix this access
 dontaudit app_zygote mnt_expand_file:dir getattr;
 

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 7b05af2..0556950 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te

@@ -83,8 +83,6 @@
 
 allow webview_zygote system_data_file:lnk_file r_file_perms;
 
-allow webview_zygote properties_device:dir mounton;
-
 # Send unsolicited message to system_server
 unix_socket_send(webview_zygote, system_unsolzygote, system_server)
commit	724aa0f1bc2f057ed889f2977b46d90dc44bf39b	[log] [tgz]
author	Nate Myren <ntmyren@google.com>	Mon Feb 12 21:59:40 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Feb 12 21:59:40 2024 +0000
tree	867db3f284cb9bf66c84123715278307c4e5653c
parent	0f8cd9e152ed04336a3b1a284035883dbbead5a5 [diff]
parent	0980c27aef4fddf78555bb9dec53c70c4fa852a4 [diff]