Merge "Destroy vold socket interface completely."

private/app.te

@@ -396,7 +396,6 @@ neverallow appdomain socket_device:sock_file write;
 # Unix domain sockets.
 neverallow appdomain adbd_socket:sock_file write;
 neverallow { appdomain -radio } rild_socket:sock_file write;
-neverallow appdomain vold_socket:sock_file write;
 neverallow appdomain zygote_socket:sock_file write;
 
 # ptrace access to non-app domains.

private/compat/26.0/26.0.cil

@@ -9,6 +9,7 @@
 (type mediacasserver_service)
 (type tracing_shell_writable)
 (type tracing_shell_writable_debug)
+(type vold_socket)
 
 (typeattributeset accessibility_service_26_0 (accessibility_service))
 (typeattributeset account_service_26_0 (account_service))

private/file_contexts

@@ -118,7 +118,6 @@
 /dev/snd/audio_seq_device	u:object_r:audio_seq_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
-/dev/socket/cryptd	u:object_r:vold_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/fwmarkd	u:object_r:fwmarkd_socket:s0
@@ -147,7 +146,6 @@
 /dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
 /dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
-/dev/socket/vold	u:object_r:vold_socket:s0
 /dev/socket/webview_zygote	u:object_r:webview_zygote_socket:s0
 /dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
 /dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0

private/system_server.te

@@ -159,7 +159,6 @@ allow system_server self:tun_socket create_socket_perms_no_ioctl;
 unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, mtpd, mtp)
 unix_socket_connect(system_server, netd, netd)
-unix_socket_connect(system_server, vold, vold)
 unix_socket_connect(system_server, webview_zygote, webview_zygote)
 unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)

public/file.te

@@ -277,7 +277,6 @@ type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
-type vold_socket, file_type, coredomain_socket;
 type webview_zygote_socket, file_type, coredomain_socket;
 type wpa_socket, file_type, data_file_type;
 type zygote_socket, file_type, coredomain_socket;

public/init.te

@@ -395,8 +395,6 @@ allow init unencrypted_data_file:dir create_dir_perms;
 # Allow init to write to /proc/sys/vm/overcommit_memory
 allow init proc_overcommit_memory:file { write };
 
-unix_socket_connect(init, vold, vold)
-
 # Raw writes to misc block device
 allow init misc_block_device:blk_file w_file_perms;
 

public/vdc.te

@@ -8,22 +8,6 @@
 type vdc, domain;
 type vdc_exec, exec_type, file_type;
 
-# TODO: remove as part of 13758960
-unix_socket_connect(vdc, vold, vold)
-
-# vdc sends information back to dumpstate when "adb bugreport" is used
-# TODO: remove as part of 13758960
-allow vdc dumpstate:fd use;
-allow vdc dumpstate:unix_stream_socket { read write getattr };
-
-# vdc information is written to shell owned bugreport files
-# TODO: remove as part of 13758960
-allow vdc shell_data_file:file { write getattr };
-
-# Why?
-# TODO: remove as part of 13758960
-allow vdc dumpstate:unix_dgram_socket { read write };
-
 # vdc can be invoked with logwrapper, so let it write to pty
 allow vdc devpts:chr_file rw_file_perms;