Leave minimal sepolicy for microdroid

Steps taken:

1) Grab remaining types in contexts files.
2) Leave such types and remove all other types.
3) Set attributes, according to system/etc/selinux/plat_sepolicy.cil.
4) Repeat booting and adding missing types, rules, and attributes.
5) Organize types and allow rules.

Bug: 191131624
Test: atest MicrodroidHostTestCases
Change-Id: I1302701f67e61795474c667e8e6094d67912eea0
diff --git a/microdroid/sepolicy/system/private/file.te b/microdroid/sepolicy/system/private/file.te
index 0f7e689..1989d7e 100644
--- a/microdroid/sepolicy/system/private/file.te
+++ b/microdroid/sepolicy/system/private/file.te
@@ -1,67 +1,12 @@
-# /proc/config.gz
-type config_gz, fs_type, proc_type;
-
-# /data/misc/storaged
-type storaged_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/a11ytrace for accessibility traces
-type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/perfetto-traces for perfetto traces
-type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports.
-type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/perfetto-configs for perfetto configs
-type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
-
-# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
-type debugfs_kcov, fs_type, debugfs_type;
-
-# App executable files in /data/data directories
-type app_exec_data_file, file_type, data_file_type, core_data_file_type;
-typealias app_exec_data_file alias rs_data_file;
-
-# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
-# of application data.
-type rollback_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/gsi/ota
-type ota_image_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/gsi_persistent_data
-type gsi_persistent_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/emergencynumberdb
-type emergency_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/profcollectd
-type profcollectd_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/apexdata/com.android.art
-type apex_art_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/apexdata/com.android.art/staging
-type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/font/files
-type font_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/odrefresh
-type odrefresh_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/odsign
-type odsign_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/misc/virtualizationservice
-type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type;
-
-# /data/system/environ
-type environ_system_data_file, file_type, data_file_type, core_data_file_type;
-
-# /dev/kvm
-type kvm_device, dev_type;
+allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
+allow cgroup_v2 tmpfs:filesystem associate;
+allow cgroup_rc_file tmpfs:filesystem associate;
+allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
+allow dev_type tmpfs:filesystem associate;
+allow file_type labeledfs:filesystem associate;
+allow file_type tmpfs:filesystem associate;
+allow file_type rootfs:filesystem associate;
+allow proc_net proc:filesystem associate;
+allow sysfs_type sysfs:filesystem associate;
+allow system_data_file tmpfs:filesystem associate;
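Review bot: The twelve `filesystem associate` rules added at the end of this hunk carry no comments, and most are granted to whole attributes (`fs_type`, `file_type`, `dev_type`, `debugfs_type`, `sysfs_type`), so any type later given one of those attributes inherits the permission without a visible review point. For a policy whose stated goal is to be minimal, a header such as `# Labeling constraints: which filesystem each class of type may be associated with.` and a one-line reason on the per-type rules would make later audits easier. `allow system_data_file tmpfs:filesystem associate;` looks redundant with `allow file_type tmpfs:filesystem associate;` if `system_data_file` carries the `file_type` attribute; its declaration is outside this hunk, so that needs confirming. It is also worth checking whether the `debugfs_type` rule is needed in the guest at all, since this hunk removes `debugfs_kcov` and no debugfs mount is visible here.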