Cleanup authfs_service / servicemanager communication permissions

This cl removes SELinux policies related to authfs_service / servicemanager communication as authfs_service now uses rpc binder instead of servicemanager. Bug: 257260848 Test: atest ComposHostTestCases Change-Id: I3e3de94a837c95e8f486438cc6a76fea39ffc6f3
2022-11-21 09:29:41 +00:00 · 2022-11-21 09:29:41 +00:00 · 1a0c3f88e0
commit 1a0c3f88e0
parent 45d8baf70d
4 changed files with 0 additions and 11 deletions
--- a/microdroid/system/private/authfs_service.te
+++ b/microdroid/system/private/authfs_service.te
@ -9,10 +9,6 @@ type authfs_service_exec, exec_type, file_type, system_file_type;
 # Allow domain transition from init.
 init_daemon_domain(authfs_service)

-# Allow running as a binder service.
-binder_call(authfs_service, servicemanager)
-add_service(authfs_service, authfs_binder_service)
-
 # Allow domain transition into authfs.
 domain_auto_trans(authfs_service, authfs_exec, authfs)

--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@ -44,11 +44,6 @@ r_dir_file(microdroid_payload, extra_apk_file)
 # Payload can read /proc/meminfo.
 allow microdroid_payload proc_meminfo:file r_file_perms;

-# Allow use of authfs.
-binder_use(microdroid_payload);
-allow microdroid_payload authfs_binder_service:service_manager find;
-binder_call(microdroid_payload, authfs_service);
-
 # Allow payload to communicate with authfs_service
 unix_socket_connect(microdroid_payload, authfs_service, authfs_service)

--- a/microdroid/system/private/service_contexts
+++ b/microdroid/system/private/service_contexts
@ -1,6 +1,5 @@
 adb                                       u:object_r:adb_service:s0
 virtual_machine_payload_service           u:object_r:vm_payload_binder_service:s0
 apexservice                               u:object_r:apex_service:s0
-authfs_service                            u:object_r:authfs_binder_service:s0
 manager                                   u:object_r:service_manager_service:s0
 *                                         u:object_r:default_android_service:s0
--- a/microdroid/system/public/type.te
+++ b/microdroid/system/public/type.te
@ -1,7 +1,6 @@
 # Miscellaneous types
 type adb_service, service_manager_type;
 type apex_service, service_manager_type;
-type authfs_binder_service, service_manager_type;
 type default_android_service, service_manager_type;
 type vm_payload_binder_service, service_manager_type;
 type service_manager_service, service_manager_type;