From cff95d7b5fbab2d614a2ac74eb111908167c4c77 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Tue, 2 Apr 2019 11:49:18 +0900
Subject: [PATCH] Remove apex_key_file
We no longer have /system/etc/security/apex/* as the public keys are all bundled in APEXes. Removing the selinux label and policies for it.
Bug: 936942
Test: device is bootable
Change-Id: I6b6144a8d15910d1ba8584a0778244ed398dc615
---
 private/apexd.te | 4 ----
 private/compat/26.0/26.0.ignore.cil | 1 -
 private/compat/27.0/27.0.ignore.cil | 1 -
 private/compat/28.0/28.0.ignore.cil | 1 -
 private/file_contexts | 2 --
 public/file.te | 2 --
 6 files changed, 11 deletions(-)
diff --git a/private/apexd.te b/private/apexd.te
index 54af86aba..6066fd600 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -2,10 +2,6 @@ typeattribute apexd coredomain;
 init_daemon_domain(apexd)
-# Read /system/etc/security/apex_debug_key
-allow apexd apex_key_file:dir { search getattr };
-allow apexd apex_key_file:file r_file_perms;
-
 # Allow creating, reading and writing of APEX files/dirs in the APEX data dir
 allow apexd apex_data_file:dir create_dir_perms;
 allow apexd apex_data_file:file create_file_perms;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 13da8ec0b..d47c7712f 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -12,7 +12,6 @@
 apex_data_file
 apex_metadata_file
 apex_mnt_dir
- apex_key_file
 apex_service
 apexd
 apexd_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 074a75f05..b39dd4b43 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -11,7 +11,6 @@
 apex_data_file
 apex_metadata_file
 apex_mnt_dir
- apex_key_file
 apex_service
 apexd
 apexd_exec
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 62679228e..5fa263155 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -10,7 +10,6 @@
 apex_data_file
 apex_metadata_file
 apex_mnt_dir
- apex_key_file
 apex_service
 apexd
 apexd_exec
diff --git a/private/file_contexts b/private/file_contexts
index 3e8cf1931..ad374d9f8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -302,7 +302,6 @@
 /system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
 /system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
 /system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
-/system/etc/security/apex(/.*)? u:object_r:apex_key_file:s0
 /system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
 /system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
@@ -393,7 +392,6 @@
 /(product|system/product)(/.*)? u:object_r:system_file:s0
 /(product|system/product)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
-/(product|system/product)/etc/security/apex(/.*)? u:object_r:apex_key_file:s0
 /(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
 /(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
 /(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
diff --git a/public/file.te b/public/file.te
index ccf6d85ca..58acfca1e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -154,8 +154,6 @@ type system_linker_exec, system_file_type, file_type;
 type system_linker_config_file, system_file_type, file_type;
 # Default type for linker config /system/etc/seccomp_policy/*.
 type system_seccomp_policy_file, system_file_type, file_type;
-# Default type for APEX keys in /system/etc/security/apex/*
-type apex_key_file, system_file_type, file_type;
 # Default type for cacerts in /system/etc/security/cacerts/*.
 type system_security_cacerts_file, system_file_type, file_type;
 # Default type for /system/bin/tcpdump.