microdroid: remove sdkext APEX
com.android.sdkext is to decide the extension SDK level of the device
and set system properties so that apps can query it.
In microdroid we don't support it yet. So remove it from the mandatory
system APEX list.
Bug: 193118107
Test: MicrodroidHostTestCases
Change-Id: I1e913b0826d78f06439ec37889e390ef97c4623a
diff --git a/microdroid/init.rc b/microdroid/init.rc
index b683230..36cddbb 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -29,7 +29,6 @@
exec - root system -- /system/bin/apexd --vm
perform_apex_config
- exec_start derive_sdk
exec - root system -- /system/bin/apkdmverity /dev/block/by-name/microdroid-apk /dev/block/by-name/microdroid-apk-idsig microdroid-apk
mkdir /mnt/apk 0755 system system
diff --git a/microdroid/sepolicy/system/private/derive_classpath.te b/microdroid/sepolicy/system/private/derive_classpath.te
deleted file mode 100644
index 2299ba0..0000000
--- a/microdroid/sepolicy/system/private/derive_classpath.te
+++ /dev/null
@@ -1,25 +0,0 @@
-
-# Domain for derive_classpath
-type derive_classpath, domain, coredomain;
-type derive_classpath_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_classpath)
-
-# Read /apex
-allow derive_classpath apex_mnt_dir:dir r_dir_perms;
-
-# Create /data/system/environ/classpath file
-allow derive_classpath environ_system_data_file:dir rw_dir_perms;
-allow derive_classpath environ_system_data_file:file create_file_perms;
-
-# b/183079517 fails on gphone targets otherwise
-allow derive_classpath unlabeled:dir search;
-
-# Allow derive_classpath to write the classpath into ota dexopt
-# - Read the ota's apex dir
-allow derive_classpath postinstall_apex_mnt_dir:dir r_dir_perms;
-# - Report the BCP to the ota's dexopt
-allow derive_classpath postinstall_dexopt:dir search;
-allow derive_classpath postinstall_dexopt:fd use;
-allow derive_classpath postinstall_dexopt:file read;
-allow derive_classpath postinstall_dexopt:lnk_file read;
-allow derive_classpath postinstall_dexopt_tmpfs:file rw_file_perms;
diff --git a/microdroid/sepolicy/system/private/derive_sdk.te b/microdroid/sepolicy/system/private/derive_sdk.te
deleted file mode 100644
index 1f60e34..0000000
--- a/microdroid/sepolicy/system/private/derive_sdk.te
+++ /dev/null
@@ -1,12 +0,0 @@
-
-# Domain for derive_sdk
-type derive_sdk, domain, coredomain;
-type derive_sdk_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_sdk)
-
-# Read /apex
-allow derive_sdk apex_mnt_dir:dir r_dir_perms;
-
-# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
-set_prop(derive_sdk, module_sdkextensions_prop)
-neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/microdroid/sepolicy/system/private/postinstall_dexopt.te b/microdroid/sepolicy/system/private/postinstall_dexopt.te
index 94af043..14e7854 100644
--- a/microdroid/sepolicy/system/private/postinstall_dexopt.te
+++ b/microdroid/sepolicy/system/private/postinstall_dexopt.te
@@ -16,10 +16,6 @@
# with the `postinstall_file` type by update_engine.
domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
-# Run derive_classpath to get the current BCP.
-domain_auto_trans(postinstall_dexopt, derive_classpath_exec, derive_classpath)
-# Allow postinstall_dexopt to make a tempfile for derive_classpath to write into
-tmpfs_domain(postinstall_dexopt);
allow postinstall_dexopt postinstall_dexopt_tmpfs:file open;
allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
diff --git a/microdroid/sepolicy/system/private/property_contexts b/microdroid/sepolicy/system/private/property_contexts
index c2a3a62..deeb840 100644
--- a/microdroid/sepolicy/system/private/property_contexts
+++ b/microdroid/sepolicy/system/private/property_contexts
@@ -32,7 +32,6 @@
ro.logd.kernel u:object_r:logd_prop:s0 exact bool
ro.boottime.adbd u:object_r:boottime_prop:s0 exact int
-ro.boottime.derive_sdk u:object_r:boottime_prop:s0 exact int
ro.boottime.hwservicemanager u:object_r:boottime_prop:s0 exact int
ro.boottime.init u:object_r:boottime_prop:s0 exact int
ro.boottime.init.cold_boot_wait u:object_r:boottime_prop:s0 exact int
@@ -59,7 +58,6 @@
sys.usb.controller u:object_r:usb_control_prop:s0 exact string
-init.svc.derive_sdk u:object_r:init_service_status_private_prop:s0 exact string
init.svc.hwservicemanager u:object_r:init_service_status_private_prop:s0 exact string
init.svc.keystore2 u:object_r:init_service_status_private_prop:s0 exact string
init.svc.logd u:object_r:init_service_status_private_prop:s0 exact string
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index bc19109..8bdfa9d 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -59,8 +59,8 @@
/// The list of APEXes which microdroid requires.
/// TODO(b/192200378) move this to microdroid.json?
-const MICRODROID_REQUIRED_APEXES: [&str; 4] =
- ["com.android.adbd", "com.android.i18n", "com.android.os.statsd", "com.android.sdkext"];
+const MICRODROID_REQUIRED_APEXES: [&str; 3] =
+ ["com.android.adbd", "com.android.i18n", "com.android.os.statsd"];
/// Implementation of `IVirtualizationService`, the entry point of the AIDL service.
#[derive(Debug, Default)]