Move unconfined domains out of permissive mode.

This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245

adbd.te

@@ -1,7 +1,6 @@
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
-permissive adbd;
 unconfined_domain(adbd)
 domain_auto_trans(adbd, shell_exec, shell)
 # this is an entrypoint

bluetooth.te

@@ -1,5 +1,4 @@
 # bluetooth subsystem
 type bluetooth, domain;
-permissive bluetooth;
 app_domain(bluetooth)
 unconfined_domain(bluetooth)

clatd.te

@@ -1,6 +1,5 @@
 # 464xlat daemon
 type clatd, domain;
-permissive clatd;
 type clatd_exec, exec_type, file_type;
 
 init_daemon_domain(clatd)

debuggerd.te

@@ -1,6 +1,5 @@
 # debugger interface
 type debuggerd, domain;
-permissive debuggerd;
 type debuggerd_exec, exec_type, file_type;
 
 init_daemon_domain(debuggerd)

dhcp.te

@@ -1,5 +1,4 @@
 type dhcp, domain;
-permissive dhcp;
 type dhcp_exec, exec_type, file_type;
 type dhcp_data_file, file_type, data_file_type;
 type dhcp_system_file, file_type, data_file_type;

dnsmasq.te

@@ -1,5 +1,4 @@
 type dnsmasq, domain;
-permissive dnsmasq;
 type dnsmasq_exec, exec_type, file_type;
 
 init_daemon_domain(dnsmasq)

drmserver.te

@@ -1,6 +1,5 @@
 # drmserver - DRM service
 type drmserver, domain;
-permissive drmserver;
 type drmserver_exec, exec_type, file_type;
 
 init_daemon_domain(drmserver)

gpsd.te

@@ -1,6 +1,5 @@
 # gpsd - GPS daemon
 type gpsd, domain;
-permissive gpsd;
 type gpsd_exec, exec_type, file_type;
 
 init_daemon_domain(gpsd)

hci_attach.te

@@ -1,5 +1,4 @@
 type hci_attach, domain;
-permissive hci_attach;
 type hci_attach_exec, exec_type, file_type;
 
 init_daemon_domain(hci_attach)

healthd.te

@@ -1,7 +1,6 @@
 # healthd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type healthd, domain;
-permissive healthd;
 type healthd_exec, exec_type, file_type;
 
 init_daemon_domain(healthd)

hostapd.te

@@ -1,5 +1,4 @@
 type hostapd, domain;
-permissive hostapd;
 type hostapd_exec, exec_type, file_type;
 
 init_daemon_domain(hostapd)

init_shell.te

@@ -1,5 +1,4 @@
 # Restricted domain for shell processes spawned by init
 type init_shell, domain;
-permissive init_shell;
 domain_auto_trans(init, shell_exec, init_shell)
 unconfined_domain(init_shell)

keystore.te

@@ -1,5 +1,4 @@
 type keystore, domain;
-permissive keystore;
 type keystore_exec, exec_type, file_type;
 
 # keystore daemon

media_app.te

@@ -3,7 +3,6 @@
 ###
 
 type media_app, domain;
-permissive media_app;
 app_domain(media_app)
 platform_app_domain(media_app)
 # Access the network.

mediaserver.te

@@ -1,6 +1,5 @@
 # mediaserver - multimedia daemon
 type mediaserver, domain;
-permissive mediaserver;
 type mediaserver_exec, exec_type, file_type;
 
 net_domain(mediaserver)

mtp.te

@@ -1,6 +1,5 @@
 # vpn tunneling protocol manager
 type mtp, domain;
-permissive mtp;
 type mtp_exec, exec_type, file_type;
 
 init_daemon_domain(mtp)

nfc.te

@@ -1,5 +1,4 @@
 # nfc subsystem
 type nfc, domain;
-permissive nfc;
 app_domain(nfc)
 unconfined_domain(nfc)

ping.te

@@ -1,5 +1,4 @@
 type ping, domain;
-permissive ping;
 type ping_exec, exec_type, file_type;
 domain_auto_trans(shell, ping_exec, ping)
 unconfined_domain(ping)

platform_app.te

@@ -3,7 +3,6 @@
 ###
 
 type platform_app, domain;
-permissive platform_app;
 app_domain(platform_app)
 platform_app_domain(platform_app)
 # Access the network.

ppp.te

@@ -1,6 +1,5 @@
 # Point to Point Protocol daemon
 type ppp, domain;
-permissive ppp;
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
 type ppp_system_file, file_type;

qemud.te

@@ -1,6 +1,5 @@
 # qemu support daemon
 type qemud, domain;
-permissive qemud;
 type qemud_exec, exec_type, file_type;
 
 init_daemon_domain(qemud)

racoon.te

@@ -1,6 +1,5 @@
 # IKE key management daemon
 type racoon, domain;
-permissive racoon;
 type racoon_exec, exec_type, file_type;
 
 unconfined_domain(racoon)

radio.te

@@ -1,6 +1,5 @@
 # phone subsystem
 type radio, domain;
-permissive radio;
 app_domain(radio)
 net_domain(radio)
 bluetooth_domain(radio)

release_app.te

@@ -3,7 +3,6 @@
 ###
 
 type release_app, domain;
-permissive release_app;
 app_domain(release_app)
 platform_app_domain(release_app)
 # Access the network.

rild.te

@@ -1,6 +1,5 @@
 # rild - radio interface layer daemon
 type rild, domain;
-permissive rild;
 type rild_exec, exec_type, file_type;
 
 init_daemon_domain(rild)

runas.te

@@ -1,6 +1,5 @@
 type runas, domain;
 type runas_exec, exec_type, file_type;
-permissive runas;
 unconfined_domain(runas)
 
 # ndk-gdb invokes adb shell run-as.

sdcardd.te

@@ -1,5 +1,4 @@
 type sdcardd, domain;
-permissive sdcardd;
 type sdcardd_exec, exec_type, file_type;
 
 init_daemon_domain(sdcardd)

servicemanager.te

@@ -1,6 +1,5 @@
 # servicemanager - the Binder context manager
 type servicemanager, domain;
-permissive servicemanager;
 type servicemanager_exec, exec_type, file_type;
 
 init_daemon_domain(servicemanager)

shared_app.te

@@ -3,7 +3,6 @@
 ###
 
 type shared_app, domain;
-permissive shared_app;
 app_domain(shared_app)
 platform_app_domain(shared_app)
 # Access the network.

su.te

@@ -1,5 +1,4 @@
 type su, domain;
-permissive su;
 type su_exec, exec_type, file_type;
 domain_auto_trans(shell, su_exec, su)
 

surfaceflinger.te

@@ -1,6 +1,5 @@
 # surfaceflinger - display compositor service
 type surfaceflinger, domain;
-permissive surfaceflinger;
 type surfaceflinger_exec, exec_type, file_type;
 
 init_daemon_domain(surfaceflinger)

system_app.te

@@ -4,6 +4,5 @@
 # server.
 #
 type system_app, domain;
-permissive system_app;
 app_domain(system_app)
 unconfined_domain(system_app)

system_server.te

@@ -3,7 +3,6 @@
 # Most of the framework services run in this process.
 #
 type system_server, domain;
-permissive system_server;
 unconfined_domain(system_server);
 relabelto_domain(system_server);
 

tee.te

@@ -6,6 +6,5 @@ type tee_exec, exec_type, file_type;
 type tee_device, dev_type;
 type tee_data_file, file_type, data_file_type;
 
-permissive tee;
 unconfined_domain(tee)
 init_daemon_domain(tee)

watchdogd.te

@@ -1,5 +1,4 @@
 # watchdogd seclabel is specified in init.<board>.rc
 type watchdogd, domain;
-permissive watchdogd;
 unconfined_domain(watchdogd)
 allow watchdogd rootfs:file entrypoint;

wpa_supplicant.te

@@ -1,6 +1,5 @@
 # wpa - wpa supplicant or equivalent
 type wpa, domain;
-permissive wpa;
 type wpa_exec, exec_type, file_type;
 
 init_daemon_domain(wpa)