Remove now-unused permissions

CompOS no longer talks directly to DICE (compos_key_helper does). odsign
no longer promotes or deletes instance CompOS files, and the key files
don't exist any more.

Bug: 218494522
Test: Manual; trigger compilation, reboot & watch odsign
Change-Id: Ibc251180122e6e4789b4be5669da3da67517b49c

microdroid/system/private/compos.te

@@ -7,13 +7,8 @@ allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
 
 # Allow using various binder services
 binder_use(compos);
-allow compos {
-    authfs_binder_service
-    dice_node_service
-}:service_manager find;
+allow compos authfs_binder_service:service_manager find;
 binder_call(compos, authfs_service);
-binder_call(compos, diced);
-allow compos diced:diced { get_attestation_chain derive };
 
 # Read artifacts created by odrefresh and create signature files.
 allow compos authfs_fuse:dir rw_dir_perms;

private/odsign.te

@@ -44,10 +44,6 @@ allow odsign apex_module_data_file:dir { getattr search };
 allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
 allow odsign apex_art_data_file:file { rw_file_perms unlink };
 
-# For CompOS instance & key files
-allow odsign apex_compos_data_file:dir { getattr search };
-allow odsign apex_compos_data_file:file r_file_perms;
-
 # Run odrefresh to refresh ART artifacts
 domain_auto_trans(odsign, odrefresh_exec, odrefresh)