From ee751c33c5d166615b1474eb85ec7c54379b3490 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 11 Nov 2016 12:30:49 -0800 Subject: [PATCH] property.te: delete security_prop This property is never used. Test: policy compiles Change-Id: I43ace92950e1221754db28548031fbbfc0437d7a --- private/property_contexts | 1 - public/domain.te | 3 --- public/property.te | 1 - 3 files changed, 5 deletions(-) diff --git a/private/property_contexts b/private/property_contexts index 51b9ff8c6..2e0b2dd3f 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -65,7 +65,6 @@ ro.device_owner u:object_r:device_logging_prop:s0 # selinux non-persistent properties selinux.restorecon_recursive u:object_r:restorecon_prop:s0 -selinux. u:object_r:security_prop:s0 # default property context * u:object_r:default_prop:s0 diff --git a/public/domain.te b/public/domain.te index 696d3029e..1dac14295 100644 --- a/public/domain.te +++ b/public/domain.te @@ -229,9 +229,6 @@ neverallow { domain -recovery } self:capability2 mac_admin; # It is sealed. neverallow * kernel:security load_policy; -# Only init and the system_server shall use the property_service. -neverallow { domain -init -system_server } security_prop:property_service set; - # Only init prior to switching context should be able to set enforcing mode. # init starts in kernel domain and switches to init domain via setcon in # the init.rc, so the setenforce occurs while still in kernel. After diff --git a/public/property.te b/public/property.te index 1ad1dd007..e4b8d6e43 100644 --- a/public/property.te +++ b/public/property.te @@ -35,7 +35,6 @@ type powerctl_prop, property_type, core_property_type; type radio_prop, property_type, core_property_type; type restorecon_prop, property_type, core_property_type; type safemode_prop, property_type; -type security_prop, property_type, core_property_type; type shell_prop, property_type, core_property_type; type system_prop, property_type, core_property_type; type system_radio_prop, property_type, core_property_type;