Merge "Remove references to nonplat sepolicy" am: 37919f5b87 am: 012a7d8166

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1882149 Change-Id: I60ffcc91c332f77431199a10fc774303c072fcd7
2021-11-05 15:53:48 +00:00 · 2021-11-05 15:53:48 +00:00 · 91850c27fb
commit 91850c27fb
parent f011326e5a 012a7d8166
4 changed files with 3 additions and 15 deletions
--- a/private/compat/31.0/31.0.cil
+++ b/private/compat/31.0/31.0.cil
@ -4,6 +4,7 @@
 (type apex_scheduling_data_file)
 (type apex_wifi_data_file)
 (type healthd_exec)
+(type nonplat_service_contexts_file)
 (type vr_hwc)
 (type vr_hwc_exec)

--- a/private/file_contexts
+++ b/private/file_contexts
@ -48,29 +48,21 @@

 # SELinux policy files
 /vendor_file_contexts   u:object_r:file_contexts_file:s0
-/nonplat_file_contexts  u:object_r:file_contexts_file:s0
 /plat_file_contexts     u:object_r:file_contexts_file:s0
 /product_file_contexts  u:object_r:file_contexts_file:s0
 /mapping_sepolicy\.cil   u:object_r:sepolicy_file:s0
-/nonplat_sepolicy\.cil   u:object_r:sepolicy_file:s0
 /plat_sepolicy\.cil      u:object_r:sepolicy_file:s0
 /plat_property_contexts  u:object_r:property_contexts_file:s0
 /product_property_contexts  u:object_r:property_contexts_file:s0
-/nonplat_property_contexts  u:object_r:property_contexts_file:s0
 /vendor_property_contexts   u:object_r:property_contexts_file:s0
 /seapp_contexts     u:object_r:seapp_contexts_file:s0
-/nonplat_seapp_contexts     u:object_r:seapp_contexts_file:s0
 /vendor_seapp_contexts      u:object_r:seapp_contexts_file:s0
 /plat_seapp_contexts     u:object_r:seapp_contexts_file:s0
 /sepolicy           u:object_r:sepolicy_file:s0
 /plat_service_contexts   u:object_r:service_contexts_file:s0
 /plat_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
 /plat_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
-/nonplat_service_contexts   u:object_r:nonplat_service_contexts_file:s0
-# Use nonplat_service_contexts_file to allow servicemanager to read it
-# on non full-treble devices.
-/vendor_service_contexts    u:object_r:nonplat_service_contexts_file:s0
-/nonplat_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
+/vendor_service_contexts    u:object_r:vendor_service_contexts_file:s0
 /vendor_hwservice_contexts    u:object_r:hwservice_contexts_file:s0
 /vndservice_contexts   u:object_r:vndservice_contexts_file:s0

@ -402,8 +394,6 @@
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw            u:object_r:vendor_hal_file:s0

-/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-
 /(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0

 #############################
--- a/public/file.te
+++ b/public/file.te
@ -566,9 +566,6 @@ type keystore2_key_contexts_file, system_file_type, file_type;
 # vendor service_contexts file
 type vendor_service_contexts_file, vendor_file_type, file_type;

-# nonplat service_contexts file (only accessible on non full-treble devices)
-type nonplat_service_contexts_file, vendor_file_type, file_type;
-
 # hwservice_contexts file
 type hwservice_contexts_file, system_file_type, file_type;

--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@ -22,7 +22,7 @@ allow servicemanager service_contexts_file:file r_file_perms;
 allow servicemanager vendor_service_contexts_file:file r_file_perms;

 # nonplat_service_contexts only accessible on non full-treble devices
-not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+not_full_treble(`allow servicemanager vendor_service_contexts_file:file r_file_perms;')

 add_service(servicemanager, service_manager_service)
 allow servicemanager dumpstate:fd use;