Merge "Remove redundant allows" into main am: 598de5b6c8 am: e3fec04da1

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677815

Change-Id: Id0834a2437bb9d95c3fd525026fe3cfcc9e60127
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

microdroid/system/private/microdroid_payload.te

@@ -8,13 +8,6 @@ allow microdroid_payload adbd:unix_stream_socket { read write };
 # microdroid_launcher is launched by microdroid_manager with fork/execvp.
 allow microdroid_payload microdroid_manager:fd use;
 
-# Allow to use FDs inherited from the shell. This includes the FD opened for
-# the microdroid_launcher executable itself and the FD for adb connection.
-# TODO(b/186396070) remove this when this is executed from microdroid_manager
-userdebug_or_eng(`
-  allow microdroid_payload shell:fd use;
-')
-
 # Allow to use terminal
 allow microdroid_payload devpts:chr_file rw_file_perms;
 

microdroid/system/private/shell.te

@@ -7,11 +7,6 @@ selinux_check_context(shell)
 # Allow shell to run adb shell cmd stats commands. Needed for CTS.
 binder_call(shell, statsd);
 
-# Allow shell to launch microdroid_launcher in its own domain
-# TODO(b/186396070) remove this when microdroid_manager can do this
-domain_auto_trans(shell, microdroid_app_exec, microdroid_app)
-domain_auto_trans(shell, microdroid_manager_exec, microdroid_manager)
-
 # Connect to adbd and use a socket transferred from it.
 # This is used for e.g. adb backup/restore.
 allow shell adbd:unix_stream_socket connectto;