Remove all sepolicy relating to racoon

Legacy VPNs are removed, including the usage of racoon. Bug: 161776767 Test: m Change-Id: I8211b3f00cc0213b1c89b269857adc7c21b97efb
2023-11-28 14:11:06 +08:00 · 2023-11-28 14:11:06 +08:00 · 1aac0c51a0
commit 1aac0c51a0
parent 9449a6f2ef
5 changed files with 4 additions and 33 deletions
--- a/private/compat/34.0/34.0.cil
+++ b/private/compat/34.0/34.0.cil
@ -1,3 +1,7 @@
+;; types removed from current policy
+(type racoon)
+(type racoon_exec)
+
 ;; mapping information from ToT policy's types to 34.0 policy's types.
 (expandtypeattribute (DockObserver_service_34_0) true)
 (expandtypeattribute (IProxyService_service_34_0) true)
--- a/private/file_contexts
+++ b/private/file_contexts
@ -177,7 +177,6 @@
 /dev/socket/prng_seeder	u:object_r:prng_seeder_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
 /dev/socket/property_service_for_system  u:object_r:property_socket:s0
-/dev/socket/racoon	u:object_r:racoon_socket:s0
 /dev/socket/recovery    u:object_r:recovery_socket:s0
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
@ -319,7 +318,6 @@
 /system/bin/dmesgd	u:object_r:dmesgd_exec:s0
 /system/bin/mtpd	u:object_r:mtp_exec:s0
 /system/bin/pppd	u:object_r:ppp_exec:s0
-/system/bin/racoon	u:object_r:racoon_exec:s0
 /system/xbin/su		u:object_r:su_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/linker(64)? u:object_r:system_linker_exec:s0
--- a/private/racoon.te
+++ b/private/racoon.te
@ -1,3 +0,0 @@
-typeattribute racoon coredomain;
-
-init_daemon_domain(racoon)
--- a/private/system_server.te
+++ b/private/system_server.te
@ -262,7 +262,6 @@ allow system_server self:tun_socket create_socket_perms_no_ioctl;
 unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, mtpd, mtp)
 unix_socket_connect(system_server, zygote, zygote)
-unix_socket_connect(system_server, racoon, racoon)
 unix_socket_connect(system_server, uncrypt, uncrypt)

 # Allow system_server to write to statsd.
--- a/public/racoon.te
+++ b/public/racoon.te
@ -1,27 +0,0 @@
-# IKE key management daemon
-type racoon, domain;
-type racoon_exec, system_file_type, exec_type, file_type;
-
-typeattribute racoon mlstrustedsubject;
-
-net_domain(racoon)
-allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
-
-binder_use(racoon)
-
-allow racoon tun_device:chr_file r_file_perms;
-allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
-allow racoon cgroup:dir { add_name create };
-allow racoon cgroup_v2:dir { add_name create };
-
-allow racoon self:key_socket create_socket_perms_no_ioctl;
-allow racoon self:tun_socket create_socket_perms_no_ioctl;
-allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
-
-# XXX: should we give ip-up-vpn its own label (currently racoon domain)
-allow racoon system_file:file rx_file_perms;
-not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
-allow racoon vpn_data_file:file create_file_perms;
-allow racoon vpn_data_file:dir w_dir_perms;
-
-use_keystore(racoon)