seapp_contexts: Remove unused selectors
These have never been used in AOSP. Looking at ~10,000 Android
build images confirms that these are not used elsewhere within
the Android ecosystem.
Bug: 192532348
Test: build (failures here would be at build-time)
Change-Id: I787b14b531df31fbb9995156eb2e84719b7c90da
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 1d38fd9..c9fc8c6 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -5,11 +5,9 @@
# Input selectors:
# isSystemServer (boolean)
# isEphemeralApp (boolean)
-# isOwner (boolean)
# user (string)
# seinfo (string)
# name (string)
-# path (string)
# isPrivApp (boolean)
# minTargetSdkVersion (unsigned integer)
# fromRunAs (boolean)
@@ -17,7 +15,7 @@
# All specified input selectors in an entry must match (i.e. logical AND).
# An unspecified string or boolean selector with no default will match any
# value.
-# A user, name, or path string selector that ends in * will perform a prefix
+# A user, or name string selector that ends in * will perform a prefix
# match.
# String matching is case-insensitive.
# See external/selinux/libselinux/src/android/android_platform.c,
@@ -26,7 +24,6 @@
# isSystemServer=true only matches the system server.
# An unspecified isSystemServer defaults to false.
# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
-# isOwner=true will only match for the owner/primary user.
# user=_app will match any regular app process.
# user=_isolated will match any isolated service process.
# Other values of user are matched against the name associated with the process
@@ -35,7 +32,6 @@
# mac_permissions.xml files.
# The ':' character is reserved and may not be used in seinfo.
# name= matches against the package name of the app.
-# path= matches against the directory path when labeling app directories.
# isPrivApp=true will only match for applications preinstalled in
# /system/priv-app.
# minTargetSdkVersion will match applications with a targetSdkVersion
@@ -50,19 +46,16 @@
# (1) isSystemServer=true before isSystemServer=false.
# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
# boolean.
-# (3) Specified isOwner= before unspecified isOwner= boolean.
-# (4) Specified user= string before unspecified user= string;
+# (3) Specified user= string before unspecified user= string;
# more specific user= string before less specific user= string.
-# (5) Specified seinfo= string before unspecified seinfo= string.
-# (6) Specified name= string before unspecified name= string;
+# (4) Specified seinfo= string before unspecified seinfo= string.
+# (5) Specified name= string before unspecified name= string;
# more specific name= string before less specific name= string.
-# (7) Specified path= string before unspecified path= string.
-# more specific name= string before less specific name= string.
-# (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
-# (9) Higher value of minTargetSdkVersion= before lower value of
+# (6) Specified isPrivApp= before unspecified isPrivApp= boolean.
+# (7) Higher value of minTargetSdkVersion= before lower value of
# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
# defaults to 0 if unspecified.
-# (10) fromRunAs=true before fromRunAs=false.
+# (8) fromRunAs=true before fromRunAs=false.
# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
# longer prefix is more specific than a shorter prefix.)
# Apps are checked against entries in precedence order until the first match,
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 2b06c11..7795e3a 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -207,11 +207,9 @@
/*Inputs*/
{ .name = "isSystemServer", .dir = dir_in, .fn_validate = validate_bool },
{ .name = "isEphemeralApp", .dir = dir_in, .fn_validate = validate_bool },
- { .name = "isOwner", .dir = dir_in, .fn_validate = validate_bool },
{ .name = "user", .dir = dir_in, },
{ .name = "seinfo", .dir = dir_in, },
{ .name = "name", .dir = dir_in, },
- { .name = "path", .dir = dir_in, },
{ .name = "isPrivApp", .dir = dir_in, .fn_validate = validate_bool },
{ .name = "minTargetSdkVersion", .dir = dir_in, .fn_validate = validate_uint },
{ .name = "fromRunAs", .dir = dir_in, .fn_validate = validate_bool },