From f5f4c1207ad9833d42cc118076daf9211b1932ec Mon Sep 17 00:00:00 2001
From: Yifan Hong
Date: Thu, 8 Oct 2020 22:13:44 +0000
Subject: [PATCH] Revert "Add /boot files as ramdisk_boot_file."
This reverts commit 2576a2fc30dd030292b65dfbaee0e0afb8b75ee7.
Reason for revert: conflict with device-specific sepolicy
Bug: 170411692
Change-Id: Ie5fde9dd91b603f155cee7a9d7ef432a05dc6827
Test: pass
---
 private/compat/30.0/30.0.ignore.cil | 1 -
 private/domain.te | 3 ---
 private/file_contexts | 4 ----
 public/file.te | 3 ---
 public/init.te | 6 ------
 public/vendor_init.te | 5 -----
 6 files changed, 22 deletions(-)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index d3bebbbde..7db303c55 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -30,7 +30,6 @@
 profcollectd_data_file
 profcollectd_exec
 profcollectd_service
- ramdisk_boot_file
 shell_test_data_file
 sysfs_devices_cs_etm
 update_engine_stable_service
diff --git a/private/domain.te b/private/domain.te
index b1f968f5a..5cc313abb 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -437,6 +437,3 @@ full_treble_only(`
 -vndk_sp_file
 }:file *;
 ')
-
-# Only first_stage_init can read files under /boot.
-neverallow domain ramdisk_boot_file:dir_file_class_set *;
diff --git a/private/file_contexts b/private/file_contexts
index e7cc90659..84fb2a7bc 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -762,7 +762,3 @@
 #############################
 # mount point for read-write product partitions
 /mnt/product(/.*)? u:object_r:mnt_product_file:s0
-
-#############################
-# Ramdisk files under /boot
-/boot(/.*)? u:object_r:ramdisk_boot_file:s0
diff --git a/public/file.te b/public/file.te
index b9b5fef39..3d10999b2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -560,6 +560,3 @@ type audiohal_data_file, file_type, data_file_type, core_data_file_type;
 # Should be:
 # type apk_data_file, file_type, data_file_type;
 neverallow fs_type file_type:filesystem associate;
-
-# /boot
-type ramdisk_boot_file, file_type;
diff --git a/public/init.te b/public/init.te
index 077816f12..f84bacbf5 100644
--- a/public/init.te
+++ b/public/init.te
@@ -179,7 +179,6 @@ allow init {
 -misc_logd_file
 -nativetest_data_file
 -privapp_data_file
- -ramdisk_boot_file
 -system_app_data_file
 -system_file_type
 -vendor_file_type
@@ -194,7 +193,6 @@ allow init {
 -keystore_data_file
 -misc_logd_file
 -nativetest_data_file
- -ramdisk_boot_file
 -privapp_data_file
 -shell_data_file
 -system_app_data_file
@@ -215,7 +213,6 @@ allow init {
 -misc_logd_file
 -nativetest_data_file
 -privapp_data_file
- -ramdisk_boot_file
 -runtime_event_log_tags_file
 -shell_data_file
 -system_app_data_file
@@ -235,7 +232,6 @@ allow init {
 -misc_logd_file
 -nativetest_data_file
 -privapp_data_file
- -ramdisk_boot_file
 -shell_data_file
 -system_app_data_file
 -system_file_type
@@ -255,7 +251,6 @@ allow init {
 -misc_logd_file
 -nativetest_data_file
 -privapp_data_file
- -ramdisk_boot_file
 -shell_data_file
 -system_app_data_file
 -system_file_type
@@ -272,7 +267,6 @@ allow init {
 -exec_type
 -app_data_file
 -privapp_data_file
- -ramdisk_boot_file
 }:dir_file_class_set relabelto;
 allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
diff --git a/public/vendor_init.te b/public/vendor_init.te
index c729370f7..0bdf63213 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -52,7 +52,6 @@ allow vendor_init {
 -mnt_product_file
 -password_slot_metadata_file
 -ota_metadata_file
- -ramdisk_boot_file
 -unlabeled
 -vendor_file_type
 -vold_metadata_file
@@ -69,7 +68,6 @@ allow vendor_init {
 -exec_type
 -password_slot_metadata_file
 -ota_metadata_file
- -ramdisk_boot_file
 -runtime_event_log_tags_file
 -system_file_type
 -unlabeled
@@ -87,7 +85,6 @@ allow vendor_init {
 -exec_type
 -password_slot_metadata_file
 -ota_metadata_file
- -ramdisk_boot_file
 -system_file_type
 -unlabeled
 -vendor_file_type
@@ -104,7 +101,6 @@ allow vendor_init {
 -exec_type
 -password_slot_metadata_file
 -ota_metadata_file
- -ramdisk_boot_file
 -system_file_type
 -unlabeled
 -vendor_file_type
@@ -121,7 +117,6 @@ allow vendor_init {
 -mnt_product_file
 -password_slot_metadata_file
 -ota_metadata_file
- -ramdisk_boot_file
 -system_file_type
 -vendor_file_type
 -vold_metadata_file