Revert^2 "Add microfuchsia selinux policies"
8794c8c3546472ffd3cfb378df6514e9bb8fc576
Change-Id: Ie1f098a651674c788f1978fa44b5dbd5151270b8
diff --git a/private/microfuchsiad.te b/private/microfuchsiad.te
new file mode 100644
index 0000000..f02acaf
--- /dev/null
+++ b/private/microfuchsiad.te
@@ -0,0 +1,18 @@
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ type microfuchsiad, domain, coredomain;
+ type microfuchsiad_exec, system_file_type, exec_type, file_type;
+
+ # Host dynamic AIDL services
+ init_daemon_domain(microfuchsiad)
+ binder_use(microfuchsiad)
+ add_service(microfuchsiad, microfuchsia_service)
+
+ # Call back into system server
+ binder_call(microfuchsiad, system_server)
+
+ # Start a VM
+ virtualizationservice_use(microfuchsiad)
+
+ # Create pty devices
+ allow microfuchsiad devpts:chr_file { read write open getattr ioctl };
+')
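Review bot: The last rule in microfuchsiad.te grants `read write open getattr ioctl` on the generic `devpts` type, which is the label carried by any pty whose creator has no per-domain pty type, so the daemon's access is not limited to the ptys it opens itself. If the intent is what the comment says ("Create pty devices"), using `create_pty(microfuchsiad)` in place of the raw allow would give it a private `microfuchsiad_devpts` type through a type transition, along with the restricted tty ioctl allowlist. If access to ptys created by some other domain is actually required, the comment should name that domain and the reason.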
diff --git a/private/service.te b/private/service.te
index 6c55ed4..80d5168 100644
--- a/private/service.te
+++ b/private/service.te
@@ -34,6 +34,9 @@
type vm_tethering_service, system_server_service, service_manager_type;
type vmnic_service, service_manager_type;
')
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ type microfuchsia_service, service_manager_type;
+')
type uce_service, service_manager_type;
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
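Review bot: Nothing in this change states which domains are meant to look up `microfuchsia_service`. The type is declared with only `service_manager_type`, and the only `find` grant visible in the diff is the one `add_service` gives microfuchsiad itself. A short comment above the type naming the intended clients would help. A rule such as `neverallow { domain -microfuchsiad -<intended_client_domains> } microfuchsia_service:service_manager find;` inside the same flag guard would keep later changes from widening access unnoticed. The placeholder is mine, because the client set is not visible here.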
diff --git a/private/service_contexts b/private/service_contexts
index d1eecd5..f81491a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -174,6 +174,9 @@
android.system.virtualizationservice_internal.IVmnic u:object_r:vmnic_service:s0
android.system.vmtethering.IVmTethering u:object_r:vm_tethering_service:s0
')
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ android.system.microfuchsiad u:object_r:microfuchsia_service:s0
+')
ambient_context u:object_r:ambient_context_service:s0
app_binding u:object_r:app_binding_service:s0
app_hibernation u:object_r:app_hibernation_service:s0