Remove the last traces of idmap (replaced by idmap2)
Remove mention of the /system/bin/idmap binary: the file no longer
exists.
Remove interaction between the domains installd and idmap to interact:
installd used to fork and exec the idmap binary, but the idmap2 binary
has its own binder service.
Bug: 118711077
Bug: 119264713
Test: atest FrameworksServicesTests:com.android.server.om OverlayDeviceTests OverlayHostTests CtsAppSecurityHostTestCases:OverlayHostTest
Change-Id: I06d22057308984e43cb84ff365dbdd1864c7064b
diff --git a/private/file_contexts b/private/file_contexts
index 5490059..e27cbe9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -327,7 +327,6 @@
/system/bin/blkid u:object_r:blkid_exec:s0
/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
-/system/bin/idmap u:object_r:idmap_exec:s0
/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/profcollectd u:object_r:profcollectd_exec:s0
diff --git a/public/idmap.te b/public/idmap.te
index f41f573..76ef622 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,15 +2,10 @@
type idmap, domain;
type idmap_exec, system_file_type, exec_type, file_type;
-# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
-# Use open file to /data/resource-cache file inherited from installd.
-allow idmap installd:fd use;
+# Allow read + write access to /data/resource-cache
allow idmap resourcecache_data_file:file create_file_perms;
allow idmap resourcecache_data_file:dir rw_dir_perms;
-# Ignore reading /proc/<pid>/maps after a fork.
-dontaudit idmap installd:file read;
-
# Open and read from target and overlay apk files passed by argument.
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;