Merge "incident_service: only disallow untrusted access" into rvc-dev

prebuilts/api/30.0/private/app_neverallows.te

@@ -257,3 +257,6 @@ neverallow {
   -untrusted_app_25
   -untrusted_app_27
 } mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;

prebuilts/api/30.0/private/incidentd.te

@@ -179,21 +179,6 @@ userdebug_or_eng(`
 ###
 ### neverallow rules
 ###
-
-# only specific domains can find the incident service
-neverallow {
-  domain
-  -dumpstate
-  -incident
-  -incidentd
-  -perfetto
-  -permissioncontroller_app
-  -priv_app
-  -statsd
-  -system_app
-  -system_server
-} incident_service:service_manager find;
-
 # only incidentd and the other root services in limited circumstances
 # can get to the files in /data/misc/incidents
 #

private/app_neverallows.te

@@ -257,3 +257,6 @@ neverallow {
   -untrusted_app_25
   -untrusted_app_27
 } mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;

private/incidentd.te

@@ -179,21 +179,6 @@ userdebug_or_eng(`
 ###
 ### neverallow rules
 ###
-
-# only specific domains can find the incident service
-neverallow {
-  domain
-  -dumpstate
-  -incident
-  -incidentd
-  -perfetto
-  -permissioncontroller_app
-  -priv_app
-  -statsd
-  -system_app
-  -system_server
-} incident_service:service_manager find;
-
 # only incidentd and the other root services in limited circumstances
 # can get to the files in /data/misc/incidents
 #