diff --git a/prebuilts/api/26.0/26.0.cil b/prebuilts/api/26.0/26.0.cil index 4a78695ff..70dfa5d9f 100644 --- a/prebuilts/api/26.0/26.0.cil +++ b/prebuilts/api/26.0/26.0.cil @@ -1,6 +1,3 @@ -;; private attributes removed from public types -(typeattributeset domain_deprecated (bluetooth_26_0)) - ;; attributes removed from current policy (typeattribute hal_wifi_keystore) (typeattribute hal_wifi_keystore_client) diff --git a/private/atrace.te b/private/atrace.te index 5de9f994b..fc2751764 100644 --- a/private/atrace.te +++ b/private/atrace.te @@ -3,7 +3,7 @@ type atrace_exec, exec_type, file_type; userdebug_or_eng(` - type atrace, domain, coredomain, domain_deprecated; + type atrace, domain, coredomain; init_daemon_domain(atrace) diff --git a/private/attributes b/private/attributes deleted file mode 100644 index fcbfecfb2..000000000 --- a/private/attributes +++ /dev/null @@ -1,9 +0,0 @@ -# Temporary attribute used for migrating permissions out of domain. -# Motivation: Domain is overly permissive. Start removing permissions -# from domain and assign them to the domain_deprecated attribute. -# Domain_deprecated and domain can initially be assigned to all -# domains. The goal is to not assign domain_deprecated to new domains -# and to start removing domain_deprecated where it's not required or -# reassigning the appropriate permissions to the inheriting domain -# when necessary. -attribute domain_deprecated; diff --git a/private/clatd.te b/private/clatd.te index c09398ddd..5ba0fc5cd 100644 --- a/private/clatd.te +++ b/private/clatd.te @@ -1,2 +1 @@ typeattribute clatd coredomain; -typeattribute clatd domain_deprecated; diff --git a/private/dex2oat.te b/private/dex2oat.te index 89c3970af..fd45484f4 100644 --- a/private/dex2oat.te +++ b/private/dex2oat.te @@ -1,2 +1 @@ typeattribute dex2oat coredomain; -typeattribute dex2oat domain_deprecated; diff --git a/private/dhcp.te b/private/dhcp.te index 6a6a139e2..b2f8ac7c7 100644 --- a/private/dhcp.te +++ b/private/dhcp.te @@ -1,5 +1,4 @@ typeattribute dhcp coredomain; -typeattribute dhcp domain_deprecated; init_daemon_domain(dhcp) type_transition dhcp system_data_file:{ dir file } dhcp_data_file; diff --git a/private/dumpstate.te b/private/dumpstate.te index 0fe2adfc6..b8f81526c 100644 --- a/private/dumpstate.te +++ b/private/dumpstate.te @@ -1,5 +1,4 @@ typeattribute dumpstate coredomain; -typeattribute dumpstate domain_deprecated; init_daemon_domain(dumpstate) diff --git a/private/fingerprintd.te b/private/fingerprintd.te index 0c1dfaa37..eb73ef8cc 100644 --- a/private/fingerprintd.te +++ b/private/fingerprintd.te @@ -1,4 +1,3 @@ typeattribute fingerprintd coredomain; -typeattribute fingerprintd domain_deprecated; init_daemon_domain(fingerprintd) diff --git a/private/fsck.te b/private/fsck.te index e8467972f..3a36329f7 100644 --- a/private/fsck.te +++ b/private/fsck.te @@ -1,4 +1,3 @@ typeattribute fsck coredomain; -typeattribute fsck domain_deprecated; init_daemon_domain(fsck) diff --git a/private/fsck_untrusted.te b/private/fsck_untrusted.te index 2a1a39f46..9a57bf027 100644 --- a/private/fsck_untrusted.te +++ b/private/fsck_untrusted.te @@ -1,2 +1 @@ typeattribute fsck_untrusted coredomain; -typeattribute fsck_untrusted domain_deprecated; diff --git a/private/installd.te b/private/installd.te index d726e7df2..f74843dd1 100644 --- a/private/installd.te +++ b/private/installd.te @@ -1,5 +1,4 @@ typeattribute installd coredomain; -typeattribute installd domain_deprecated; init_daemon_domain(installd) diff --git a/private/keystore.te b/private/keystore.te index 1e563389e..a9647c631 100644 --- a/private/keystore.te +++ b/private/keystore.te @@ -1,5 +1,4 @@ typeattribute keystore coredomain; -typeattribute keystore domain_deprecated; init_daemon_domain(keystore) diff --git a/private/mtp.te b/private/mtp.te index 3cfda0b1a..732e111ed 100644 --- a/private/mtp.te +++ b/private/mtp.te @@ -1,4 +1,3 @@ typeattribute mtp coredomain; -typeattribute mtp domain_deprecated; init_daemon_domain(mtp) diff --git a/private/netd.te b/private/netd.te index 3a824af13..f501f25e9 100644 --- a/private/netd.te +++ b/private/netd.te @@ -1,5 +1,4 @@ typeattribute netd coredomain; -typeattribute netd domain_deprecated; init_daemon_domain(netd) diff --git a/private/perfprofd.te b/private/perfprofd.te index a655f1d34..9c249fd9a 100644 --- a/private/perfprofd.te +++ b/private/perfprofd.te @@ -1,5 +1,4 @@ userdebug_or_eng(` typeattribute perfprofd coredomain; - typeattribute perfprofd domain_deprecated; init_daemon_domain(perfprofd) ') diff --git a/private/platform_app.te b/private/platform_app.te index b28661101..4d937bedf 100644 --- a/private/platform_app.te +++ b/private/platform_app.te @@ -3,7 +3,6 @@ ### typeattribute platform_app coredomain; -typeattribute platform_app domain_deprecated; app_domain(platform_app) diff --git a/private/ppp.te b/private/ppp.te index 9b301f475..968b221b6 100644 --- a/private/ppp.te +++ b/private/ppp.te @@ -1,4 +1,3 @@ typeattribute ppp coredomain; -typeattribute ppp domain_deprecated; domain_auto_trans(mtp, ppp_exec, ppp) diff --git a/private/radio.te b/private/radio.te index 83b5b416b..b4f539048 100644 --- a/private/radio.te +++ b/private/radio.te @@ -1,5 +1,4 @@ typeattribute radio coredomain; -typeattribute radio domain_deprecated; app_domain(radio) diff --git a/private/recovery.te b/private/recovery.te index b7b2847ec..2a7fdc7e1 100644 --- a/private/recovery.te +++ b/private/recovery.te @@ -1,2 +1 @@ typeattribute recovery coredomain; -typeattribute recovery domain_deprecated; diff --git a/private/runas.te b/private/runas.te index 73a91ffd6..ef31aac34 100644 --- a/private/runas.te +++ b/private/runas.te @@ -1,5 +1,4 @@ typeattribute runas coredomain; -typeattribute runas domain_deprecated; # ndk-gdb invokes adb shell run-as. domain_auto_trans(shell, runas_exec, runas) diff --git a/private/sdcardd.te b/private/sdcardd.te index ac6bb4e2c..126d64349 100644 --- a/private/sdcardd.te +++ b/private/sdcardd.te @@ -1,4 +1,3 @@ typeattribute sdcardd coredomain; -typeattribute sdcardd domain_deprecated; type_transition sdcardd system_data_file:{ dir file } media_rw_data_file; diff --git a/private/shared_relro.te b/private/shared_relro.te index 8d06294d9..02f720682 100644 --- a/private/shared_relro.te +++ b/private/shared_relro.te @@ -1,5 +1,4 @@ typeattribute shared_relro coredomain; -typeattribute shared_relro domain_deprecated; # The shared relro process is a Java program forked from the zygote, so it # inherits from app to get basic permissions it needs to run. diff --git a/private/system_app.te b/private/system_app.te index 69ac31b79..c6fcf8e12 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -5,7 +5,6 @@ ### typeattribute system_app coredomain; -typeattribute system_app domain_deprecated; app_domain(system_app) net_domain(system_app) diff --git a/private/system_server.te b/private/system_server.te index 180ba36c1..59b2877b7 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -4,7 +4,6 @@ # typeattribute system_server coredomain; -typeattribute system_server domain_deprecated; typeattribute system_server mlstrustedsubject; # Define a type for tmpfs-backed ashmem regions. diff --git a/private/ueventd.te b/private/ueventd.te index 0df587fff..1bd67735e 100644 --- a/private/ueventd.te +++ b/private/ueventd.te @@ -1,4 +1,3 @@ typeattribute ueventd coredomain; -typeattribute ueventd domain_deprecated; tmpfs_domain(ueventd) diff --git a/private/uncrypt.te b/private/uncrypt.te index fde686be9..e4e9224d9 100644 --- a/private/uncrypt.te +++ b/private/uncrypt.te @@ -1,4 +1,3 @@ typeattribute uncrypt coredomain; -typeattribute uncrypt domain_deprecated; init_daemon_domain(uncrypt) diff --git a/private/update_engine.te b/private/update_engine.te index f460272d1..5af7db681 100644 --- a/private/update_engine.te +++ b/private/update_engine.te @@ -1,4 +1,3 @@ typeattribute update_engine coredomain; -typeattribute update_engine domain_deprecated; init_daemon_domain(update_engine); diff --git a/private/vold.te b/private/vold.te index f2416f895..a6d1001d1 100644 --- a/private/vold.te +++ b/private/vold.te @@ -1,5 +1,4 @@ typeattribute vold coredomain; -typeattribute vold domain_deprecated; init_daemon_domain(vold) diff --git a/private/zygote.te b/private/zygote.te index daabbc06e..7fe79ef43 100644 --- a/private/zygote.te +++ b/private/zygote.te @@ -1,6 +1,5 @@ # zygote typeattribute zygote coredomain; -typeattribute zygote domain_deprecated; typeattribute zygote mlstrustedsubject; init_daemon_domain(zygote)