From 88ae55951dc8d71f3d61f123dfd9f272139ae376 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Apr 2013 11:18:26 -0400
Subject: [PATCH] Drop SELinux management rules from AOSP.

As AOSP does not support the device admin API or the older
SEManager system app, just drop the allow rules associated with
permitting SELinux management via device admin or a system app.

Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 system.te | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/system.te b/system.te
index 2c3449f69..4fc4283b0 100644
--- a/system.te
+++ b/system.te
@@ -30,22 +30,6 @@ selinux_getenforce(system_app)
 # Settings app reads sdcard for storage stats
 allow system_app sdcard_type:dir r_dir_perms;
 
-bool manage_selinux true;
-if (manage_selinux) {
-selinux_manage_policy(system)
-selinux_manage_policy(system_app)
-access_kmsg(system)
-access_kmsg(system_app)
-}
-
-bool manage_mac true;
-if (manage_mac) {
-mmac_manage_policy(system)
-mmac_manage_policy(system_app)
-access_logcat(system)
-access_logcat(system_app)
-}
-
 #
 # System Server aka system_server spawned by zygote.
 # Most of the framework services run in this process.