From 1519eb5d5cb3189ab6c5e32fe4dfd985784cb915 Mon Sep 17 00:00:00 2001
From: RGIB
Date: Mon, 3 Oct 2016 18:48:42 +0200
Subject: kona : remove useless policies

Change-Id: I99fbb84ec77b8d03dd7508f2f6d6933c6056a597
---
 selinux/DR-daemon.te | 11 -----------
 selinux/SMD-daemon.te | 6 ------
 selinux/at_distributor.te | 32 --------------------------------
 selinux/diag_uart_log.te | 7 -------
 selinux/file_contexts | 4 ----
 selinux/rild.te | 2 --
 selinux/servicemanager.te | 3 ---
 selinux/system_server.te | 1 -
 8 files changed, 66 deletions(-)
 delete mode 100644 selinux/DR-daemon.te
 delete mode 100644 selinux/SMD-daemon.te
 delete mode 100644 selinux/at_distributor.te
 delete mode 100644 selinux/diag_uart_log.te

diff --git a/selinux/DR-daemon.te b/selinux/DR-daemon.te
deleted file mode 100644
index c031d3f..0000000
--- a/selinux/DR-daemon.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type DR-daemon, domain;
-type DR-daemon_exec, exec_type, file_type;
-init_daemon_domain(DR-daemon)
-domain_trans(init, rootfs, DR-daemon)
-
-allow DR-daemon radio_data_file:sock_file unlink;
-allow DR-daemon self:capability setuid;
-allow DR-daemon serial_device:chr_file { read write ioctl open };
-allow DR-daemon system_data_file:dir { write remove_name };
-allow DR-daemon system_data_file:dir add_name;
-allow DR-daemon system_data_file:sock_file create;
diff --git a/selinux/SMD-daemon.te b/selinux/SMD-daemon.te
deleted file mode 100644
index 36cfb12..0000000
--- a/selinux/SMD-daemon.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type SMD-daemon, domain;
-type SMD-daemon_exec, exec_type, file_type;
-init_daemon_domain(SMD-daemon)
-domain_trans(init, rootfs, SMD-daemon)
-
-allow SMD-daemon self:capability setuid;
diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te
deleted file mode 100644
index 039b540..0000000
--- a/selinux/at_distributor.te
+++ /dev/null
@@ -1,32 +0,0 @@
-type at_distributor, domain;
-type at_distributor_exec, exec_type, file_type;
-init_daemon_domain(at_distributor)
-domain_trans(init, rootfs, at_distributor)
-
-allow at_distributor DR-daemon:unix_stream_socket connectto;
-allow at_distributor property_socket:sock_file write;
-allow at_distributor radio_data_file:file { write create read getattr open };
-allow at_distributor radio_prop:property_service set;
-allow at_distributor rild:unix_stream_socket connectto;
-allow at_distributor self:capability dac_override;
-allow at_distributor serial_device:chr_file { read write ioctl open };
-allow at_distributor sysfs_wake_lock:file { read write open };
-allow at_distributor system_data_file:sock_file write;
-allow at_distributor efs_file:file getattr;
-allow at_distributor init:unix_stream_socket connectto;
-allow at_distributor efs_file:file { read open setattr };
-allow at_distributor self:capability { setuid fowner chown fsetid };
-allow at_distributor efs_file:dir search;
-allow at_distributor radio_data_file:dir { search add_name write };
-allow at_distributor efs_file:dir { search getattr };
-allow at_distributor radio_data_file:file setattr;
-allow at_distributor servicemanager:binder call;
-allow at_distributor shell_exec:file { read execute open };
-allow at_distributor system_file:file execute_no_trans;
-allow at_distributor zygote_exec:file { read getattr open execute execute_no_trans };
-allow at_distributor system_server:binder { transfer call };
-allow at_distributor diag_uart_log_exec:file getattr;
-allow at_distributor gps_device:chr_file { read write ioctl open };
-allow at_distributor shell_exec:file execute_no_trans;
-allow at_distributor radio_data_file:dir search;
-allow at_distributor radio_data_file:file { read getattr open setattr };
diff --git a/selinux/diag_uart_log.te b/selinux/diag_uart_log.te
deleted file mode 100644
index 38429db..0000000
--- a/selinux/diag_uart_log.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type diag_uart_log, domain;
-type diag_uart_log_exec, exec_type, file_type;
-init_daemon_domain(diag_uart_log)
-domain_trans(init, rootfs, diag_uart_log)
-
-allow diag_uart_log at_distributor:unix_stream_socket connectto;
-allow diag_uart_log self:capability setuid;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 9c776ee..79c22e8 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -1,12 +1,8 @@ /system/bin/cbd u:object_r:cpboot-daemon_exec:s0 /system/bin/gpsd u:object_r:gpsd_exec:s0 -/system/bin/at_distributor u:object_r:at_distributor_exec:s0 -/system/bin/smdexe u:object_r:SMD-daemon_exec:s0 -/system/bin/ddexe u:object_r:DR-daemon_exec:s0 /system/bin/orientationd u:object_r:orientationd_exec:s0 /system/bin/geomagneticd u:object_r:geomagneticd_exec:s0 -/system/bin/diag_uart_log u:object_r:diag_uart_log_exec:s0 /system/bin/qcks u:object_r:qc_kickstart_exec:s0 /system/bin/ks u:object_r:qc_kickstart_exec:s0 /system/bin/efsks u:object_r:qc_kickstart_exec:s0
diff --git a/selinux/rild.te b/selinux/rild.te
index d999b16..4205645 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -1,5 +1,3 @@
-allow rild at_distributor:dir search;
-allow rild at_distributor:file { read getattr open };
 allow rild gpsd:dir search;
 allow rild gpsd:file { read getattr open };
 allow rild proc_net:file write;
diff --git a/selinux/servicemanager.te b/selinux/servicemanager.te
index 8d1d17e..d3f44a8 100644
--- a/selinux/servicemanager.te
+++ b/selinux/servicemanager.te
@@ -1,6 +1,3 @@
 allow servicemanager gpsd:dir search;
-allow servicemanager at_distributor:dir search;
-allow servicemanager at_distributor:file { read open };
-allow servicemanager at_distributor:process getattr;
 allow servicemanager gpsd:file { read open };
 allow servicemanager gpsd:process getattr;
diff --git a/selinux/system_server.te b/selinux/system_server.te
index b5e88e0..2926495 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -4,7 +4,6 @@ allow system_server efs_file:dir search;
 allow system_server efs_file:file { read write open };
 allow system_server gps_data_file:file setattr;
 allow system_server gps_data_file:dir { search write add_name };
-allow system_server at_distributor:binder call;
 allow system_server socket_device:dir write;
 allow system_server qmuxd:unix_stream_socket connectto;
 allow system_server socket_device:dir add_name;
-- 
cgit v1.1