commit 5c0a0a8190f7a6a3e05209a7251d8f7dbd76c58c
author Steven Moreland <smoreland@google.com> Mon May 13 17:06:50 2019 -0700
committer Steven Moreland <smoreland@google.com> Thu Aug 27 00:00:35 2020 +0000
tree 0bef02bfc2d4b4648f2b1112daba341f841eafbc
parent 21e31aa1068b8240c1f847d0aa1505ddde5704b2

Remove binder_in_vendor_violators.

It's release blocking if devices specify it. Since none are used
in-tree anymore, no reason to every use this again.

Bug: 131617943
Test: grepping source/build (which validates this isn't used)
Change-Id: I6f98ab9baed93e11403a10f3a0497c855d3a8695

private/binder_in_vendor_violators.te

diff --git a/private/binder_in_vendor_violators.te b/private/binder_in_vendor_violators.te
deleted file mode 100644
index 4a1218e..0000000
--- a/private/binder_in_vendor_violators.te
+++ /dev/null
@@ -1 +0,0 @@
-allow binder_in_vendor_violators binder_device:chr_file rw_file_perms;

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 8804303..d16d9ed 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -18,6 +18,8 @@
 (type ffs_prop)
 (type system_radio_prop)
 
+(typeattribute binder_in_vendor_violators)
+
 (expandtypeattribute (DockObserver_service_30_0) true)
 (expandtypeattribute (IProxyService_service_30_0) true)
 (expandtypeattribute (accessibility_service_30_0) true)

public/attributes

diff --git a/public/attributes b/public/attributes
index f1e9c92..ce6e540 100644
--- a/public/attributes
+++ b/public/attributes
@@ -200,11 +200,6 @@
 attribute coredomain_socket;
 expandattribute coredomain_socket false;
 
-# All vendor domains which violate the requirement of not using Binder
-# TODO(b/35870313): Remove this once there are no violations
-attribute binder_in_vendor_violators;
-expandattribute binder_in_vendor_violators false;
-
 # All vendor domains which violate the requirement of not using sockets for
 # communicating with core components
 # TODO(b/36577153): Remove this once there are no violations

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index f23e832..58b2d98 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -644,7 +644,6 @@
   neverallow {
     domain
     -coredomain
-    -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
   } {
     service_manager_type
     -vendor_service

tests/treble_sepolicy_tests.py

diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 1046fa8..9209b66 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -294,7 +294,7 @@
     return ret
 
 def TestViolatorAttributes():
-    ret = TestViolatorAttribute("binder_in_vendor_violators")
+    ret = ""
     ret += TestViolatorAttribute("socket_between_core_and_vendor_violators")
     ret += TestViolatorAttribute("vendor_executes_system_violators")
     return ret