Merge "domain_deprecated is dead"

private/atrace.te

@@ -3,7 +3,7 @@
 type atrace_exec, exec_type, file_type;
 
 userdebug_or_eng(`
-  type atrace, domain, coredomain, domain_deprecated;
+  type atrace, domain, coredomain;
 
   init_daemon_domain(atrace)
 

private/attributes

@@ -1,9 +0,0 @@
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;

private/clatd.te

@@ -1,2 +1 @@
 typeattribute clatd coredomain;
-typeattribute clatd domain_deprecated;

private/dex2oat.te

@@ -1,2 +1 @@
 typeattribute dex2oat coredomain;
-typeattribute dex2oat domain_deprecated;

private/dhcp.te

@@ -1,5 +1,4 @@
 typeattribute dhcp coredomain;
-typeattribute dhcp domain_deprecated;
 
 init_daemon_domain(dhcp)
 type_transition dhcp system_data_file:{ dir file } dhcp_data_file;

private/dumpstate.te

@@ -1,5 +1,4 @@
 typeattribute dumpstate coredomain;
-typeattribute dumpstate domain_deprecated;
 
 init_daemon_domain(dumpstate)
 

private/fingerprintd.te

@@ -1,4 +1,3 @@
 typeattribute fingerprintd coredomain;
-typeattribute fingerprintd domain_deprecated;
 
 init_daemon_domain(fingerprintd)

private/fsck.te

@@ -1,4 +1,3 @@
 typeattribute fsck coredomain;
-typeattribute fsck domain_deprecated;
 
 init_daemon_domain(fsck)

private/fsck_untrusted.te

@@ -1,2 +1 @@
 typeattribute fsck_untrusted coredomain;
-typeattribute fsck_untrusted domain_deprecated;

private/installd.te

@@ -1,5 +1,4 @@
 typeattribute installd coredomain;
-typeattribute installd domain_deprecated;
 
 init_daemon_domain(installd)
 

private/keystore.te

@@ -1,4 +1,3 @@
 typeattribute keystore coredomain;
-typeattribute keystore domain_deprecated;
 
 init_daemon_domain(keystore)

private/mtp.te

@@ -1,4 +1,3 @@
 typeattribute mtp coredomain;
-typeattribute mtp domain_deprecated;
 
 init_daemon_domain(mtp)

private/netd.te

@@ -1,5 +1,4 @@
 typeattribute netd coredomain;
-typeattribute netd domain_deprecated;
 
 init_daemon_domain(netd)
 

private/perfprofd.te

@@ -1,5 +1,4 @@
 userdebug_or_eng(`
   typeattribute perfprofd coredomain;
-  typeattribute perfprofd domain_deprecated;
   init_daemon_domain(perfprofd)
 ')

private/platform_app.te

@@ -3,7 +3,6 @@
 ###
 
 typeattribute platform_app coredomain;
-typeattribute platform_app domain_deprecated;
 
 app_domain(platform_app)
 

private/ppp.te

@@ -1,4 +1,3 @@
 typeattribute ppp coredomain;
-typeattribute ppp domain_deprecated;
 
 domain_auto_trans(mtp, ppp_exec, ppp)

private/radio.te

@@ -1,5 +1,4 @@
 typeattribute radio coredomain;
-typeattribute radio domain_deprecated;
 
 app_domain(radio)
 

private/recovery.te

@@ -1,2 +1 @@
 typeattribute recovery coredomain;
-typeattribute recovery domain_deprecated;

private/runas.te

@@ -1,5 +1,4 @@
 typeattribute runas coredomain;
-typeattribute runas domain_deprecated;
 
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)

private/sdcardd.te

@@ -1,4 +1,3 @@
 typeattribute sdcardd coredomain;
-typeattribute sdcardd domain_deprecated;
 
 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;

private/shared_relro.te

@@ -1,5 +1,4 @@
 typeattribute shared_relro coredomain;
-typeattribute shared_relro domain_deprecated;
 
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.

private/system_app.te

@@ -5,7 +5,6 @@
 ###
 
 typeattribute system_app coredomain;
-typeattribute system_app domain_deprecated;
 
 app_domain(system_app)
 net_domain(system_app)

private/system_server.te

@@ -4,7 +4,6 @@
 #
 
 typeattribute system_server coredomain;
-typeattribute system_server domain_deprecated;
 typeattribute system_server mlstrustedsubject;
 
 # Define a type for tmpfs-backed ashmem regions.

private/ueventd.te

@@ -1,4 +1,3 @@
 typeattribute ueventd coredomain;
-typeattribute ueventd domain_deprecated;
 
 tmpfs_domain(ueventd)

private/uncrypt.te

@@ -1,4 +1,3 @@
 typeattribute uncrypt coredomain;
-typeattribute uncrypt domain_deprecated;
 
 init_daemon_domain(uncrypt)

private/update_engine.te

@@ -1,4 +1,3 @@
 typeattribute update_engine coredomain;
-typeattribute update_engine domain_deprecated;
 
 init_daemon_domain(update_engine);

private/vold.te

@@ -1,5 +1,4 @@
 typeattribute vold coredomain;
-typeattribute vold domain_deprecated;
 
 init_daemon_domain(vold)
 

private/zygote.te

@@ -1,6 +1,5 @@
 # zygote
 typeattribute zygote coredomain;
-typeattribute zygote domain_deprecated;
 typeattribute zygote mlstrustedsubject;
 
 init_daemon_domain(zygote)