Remove all sepolicy relating to racoon
Legacy VPNs are removed, including the usage of racoon.
Bug: 161776767
Test: m
Change-Id: I8211b3f00cc0213b1c89b269857adc7c21b97efb
diff --git a/private/compat/34.0/34.0.cil b/private/compat/34.0/34.0.cil
index aa8a56c..b10103e 100644
--- a/private/compat/34.0/34.0.cil
+++ b/private/compat/34.0/34.0.cil
@@ -1,3 +1,7 @@
+;; types removed from current policy
+(type racoon)
+(type racoon_exec)
+
;; mapping information from ToT policy's types to 34.0 policy's types.
(expandtypeattribute (DockObserver_service_34_0) true)
(expandtypeattribute (IProxyService_service_34_0) true)
diff --git a/private/file_contexts b/private/file_contexts
index 32092da..332ab2d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -177,7 +177,6 @@
/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/property_service_for_system u:object_r:property_socket:s0
-/dev/socket/racoon u:object_r:racoon_socket:s0
/dev/socket/recovery u:object_r:recovery_socket:s0
/dev/socket/rild u:object_r:rild_socket:s0
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
@@ -319,7 +318,6 @@
/system/bin/dmesgd u:object_r:dmesgd_exec:s0
/system/bin/mtpd u:object_r:mtp_exec:s0
/system/bin/pppd u:object_r:ppp_exec:s0
-/system/bin/racoon u:object_r:racoon_exec:s0
/system/xbin/su u:object_r:su_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
diff --git a/private/racoon.te b/private/racoon.te
deleted file mode 100644
index 42ea7c9..0000000
--- a/private/racoon.te
+++ /dev/null
@@ -1,3 +0,0 @@
-typeattribute racoon coredomain;
-
-init_daemon_domain(racoon)
diff --git a/private/system_server.te b/private/system_server.te
index 97e64af..88d6316 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -262,7 +262,6 @@
unix_socket_connect(system_server, lmkd, lmkd)
unix_socket_connect(system_server, mtpd, mtp)
unix_socket_connect(system_server, zygote, zygote)
-unix_socket_connect(system_server, racoon, racoon)
unix_socket_connect(system_server, uncrypt, uncrypt)
# Allow system_server to write to statsd.
diff --git a/public/racoon.te b/public/racoon.te
deleted file mode 100644
index b0383f0..0000000
--- a/public/racoon.te
+++ /dev/null
@@ -1,27 +0,0 @@
-# IKE key management daemon
-type racoon, domain;
-type racoon_exec, system_file_type, exec_type, file_type;
-
-typeattribute racoon mlstrustedsubject;
-
-net_domain(racoon)
-allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
-
-binder_use(racoon)
-
-allow racoon tun_device:chr_file r_file_perms;
-allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
-allow racoon cgroup:dir { add_name create };
-allow racoon cgroup_v2:dir { add_name create };
-
-allow racoon self:key_socket create_socket_perms_no_ioctl;
-allow racoon self:tun_socket create_socket_perms_no_ioctl;
-allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
-
-# XXX: should we give ip-up-vpn its own label (currently racoon domain)
-allow racoon system_file:file rx_file_perms;
-not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
-allow racoon vpn_data_file:file create_file_perms;
-allow racoon vpn_data_file:dir w_dir_perms;
-
-use_keystore(racoon)