Revert "Add /system_ext/etc/selinux/ to the debug policy search ..."

Revert "Add a copy of debug policy to GSI system image"

Revert "Add PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT"

Revert "Add system_ext_userdebug_plat_sepolicy.cil for GSI"

Revert submission 1824717-gsi_debug_policy

Reason for revert: Breaks the build (see b/200933187).
Reverted Changes:
I37ef02628:Add a copy of debug policy to GSI system image
I9c3dad8bb:Add PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
I43adc6ada:Add system_ext_userdebug_plat_sepolicy.cil for GSI...
I4d6235c73:Add /system_ext/etc/selinux/ to the debug policy s...

Change-Id: I2eb3b00abb981c25514b75b2e7b4b7b203653390
diff --git a/init/Android.bp b/init/Android.bp
index a0fe017..5d09687 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -89,19 +89,7 @@
     "host_init_verifier.cpp",
 ]
 
-soong_config_module_type {
-    name: "libinit_cc_defaults",
-    module_type: "cc_defaults",
-    config_namespace: "ANDROID",
-    bool_variables: [
-        "PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT",
-    ],
-    properties: [
-        "cflags",
-    ],
-}
-
-libinit_cc_defaults {
+cc_defaults {
     name: "init_defaults",
     sanitize: {
         misc_undefined: ["signed-integer-overflow"],
@@ -121,7 +109,6 @@
         "-DDUMP_ON_UMOUNT_FAILURE=0",
         "-DSHUTDOWN_ZERO_TIMEOUT=0",
         "-DINIT_FULL_SOURCES",
-        "-DINSTALL_DEBUG_POLICY_TO_SYSTEM_EXT=0",
     ],
     product_variables: {
         debuggable: {
@@ -150,14 +137,6 @@
             cppflags: ["-DUSER_MODE_LINUX"],
         },
     },
-    soong_config_variables: {
-        PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT: {
-            cflags: [
-                "-UINSTALL_DEBUG_POLICY_TO_SYSTEM_EXT",
-                "-DINSTALL_DEBUG_POLICY_TO_SYSTEM_EXT=1",
-            ],
-        },
-    },
     static_libs: [
         "libavb",
         "libc++fs",
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index c7b7b0c..78e5b60 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -330,21 +330,14 @@
     // If "/force_debuggable" is present, the second-stage init will use a userdebug
     // sepolicy and load adb_debug.prop to allow adb root, if the device is unlocked.
     if (access("/force_debuggable", F_OK) == 0) {
-        constexpr const char adb_debug_prop_src[] = "/adb_debug.prop";
-        constexpr const char userdebug_plat_sepolicy_cil_src[] = "/userdebug_plat_sepolicy.cil";
         std::error_code ec;  // to invoke the overloaded copy_file() that won't throw.
-        if (access(adb_debug_prop_src, F_OK) == 0 &&
-            !fs::copy_file(adb_debug_prop_src, kDebugRamdiskProp, ec)) {
-            LOG(WARNING) << "Can't copy " << adb_debug_prop_src << " to " << kDebugRamdiskProp
-                         << ": " << ec.message();
+        if (!fs::copy_file("/adb_debug.prop", kDebugRamdiskProp, ec) ||
+            !fs::copy_file("/userdebug_plat_sepolicy.cil", kDebugRamdiskSEPolicy, ec)) {
+            LOG(ERROR) << "Failed to setup debug ramdisk";
+        } else {
+            // setenv for second-stage init to read above kDebugRamdisk* files.
+            setenv("INIT_FORCE_DEBUGGABLE", "true", 1);
         }
-        if (access(userdebug_plat_sepolicy_cil_src, F_OK) == 0 &&
-            !fs::copy_file(userdebug_plat_sepolicy_cil_src, kDebugRamdiskSEPolicy, ec)) {
-            LOG(WARNING) << "Can't copy " << userdebug_plat_sepolicy_cil_src << " to "
-                         << kDebugRamdiskSEPolicy << ": " << ec.message();
-        }
-        // setenv for second-stage init to read above kDebugRamdisk* files.
-        setenv("INIT_FORCE_DEBUGGABLE", "true", 1);
     }
 
     if (ForceNormalBoot(cmdline, bootconfig)) {
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 29c0ff3..42d3023 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -295,25 +295,6 @@
     return access(plat_policy_cil_file, R_OK) != -1;
 }
 
-std::optional<const char*> GetUserdebugPlatformPolicyFile() {
-    // See if we need to load userdebug_plat_sepolicy.cil instead of plat_sepolicy.cil.
-    const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
-    if (force_debuggable_env && "true"s == force_debuggable_env && AvbHandle::IsDeviceUnlocked()) {
-        const std::vector<const char*> debug_policy_candidates = {
-#if INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT == 1
-            "/system_ext/etc/selinux/userdebug_plat_sepolicy.cil",
-#endif
-            kDebugRamdiskSEPolicy,
-        };
-        for (const char* debug_policy : debug_policy_candidates) {
-            if (access(debug_policy, F_OK) == 0) {
-                return debug_policy;
-            }
-        }
-    }
-    return std::nullopt;
-}
-
 struct PolicyFile {
     unique_fd fd;
     std::string path;
@@ -329,10 +310,13 @@
     // secilc is invoked to compile the above three policy files into a single monolithic policy
     // file. This file is then loaded into the kernel.
 
-    const auto userdebug_plat_sepolicy = GetUserdebugPlatformPolicyFile();
-    const bool use_userdebug_policy = userdebug_plat_sepolicy.has_value();
+    // See if we need to load userdebug_plat_sepolicy.cil instead of plat_sepolicy.cil.
+    const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
+    bool use_userdebug_policy =
+            ((force_debuggable_env && "true"s == force_debuggable_env) &&
+             AvbHandle::IsDeviceUnlocked() && access(kDebugRamdiskSEPolicy, F_OK) == 0);
     if (use_userdebug_policy) {
-        LOG(INFO) << "Using userdebug system sepolicy " << *userdebug_plat_sepolicy;
+        LOG(WARNING) << "Using userdebug system sepolicy";
     }
 
     // Load precompiled policy from vendor image, if a matching policy is found there. The policy
@@ -429,7 +413,7 @@
     // clang-format off
     std::vector<const char*> compile_args {
         "/system/bin/secilc",
-        use_userdebug_policy ? *userdebug_plat_sepolicy : plat_policy_cil_file,
+        use_userdebug_policy ? kDebugRamdiskSEPolicy: plat_policy_cil_file,
         "-m", "-M", "true", "-G", "-N",
         "-c", version_as_string.c_str(),
         plat_mapping_file.c_str(),