Merge "sepolicy-analyze: Change booleans command to be more test-friendly."
diff --git a/file.te b/file.te
index 5ac2b66..fe28213 100644
--- a/file.te
+++ b/file.te
@@ -142,7 +142,6 @@
type gps_socket, file_type;
type installd_socket, file_type;
type lmkd_socket, file_type;
-type logd_debug, file_type, mlstrustedobject;
type logd_socket, file_type, mlstrustedobject;
type logdr_socket, file_type, mlstrustedobject;
type logdw_socket, file_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index d510476..ce55cc8 100644
--- a/file_contexts
+++ b/file_contexts
@@ -86,7 +86,6 @@
/dev/socket/gps u:object_r:gps_socket:s0
/dev/socket/installd u:object_r:installd_socket:s0
/dev/socket/lmkd u:object_r:lmkd_socket:s0
-/dev/logd_debug u:object_r:logd_debug:s0
/dev/socket/logd u:object_r:logd_socket:s0
/dev/socket/logdr u:object_r:logdr_socket:s0
/dev/socket/logdw u:object_r:logdw_socket:s0
diff --git a/logd.te b/logd.te
index 70a894c..8c28b48 100644
--- a/logd.te
+++ b/logd.te
@@ -9,18 +9,14 @@
allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };
allow logd kernel:system syslog_read;
allow logd kmsg_device:chr_file w_file_perms;
+allow logd system_data_file:file r_file_perms;
r_dir_file(logd, domain)
-userdebug_or_eng(`
- # Debug output
- type_transition logd device:file logd_debug;
- allow logd device:dir rw_dir_perms;
- allow logd logd_debug:file create_file_perms;
-')
-
allow logd kernel:system syslog_mod;
+control_logd(logd)
+
###
### Neverallow rules
###
diff --git a/te_macros b/te_macros
index 35dfb4d..fae0e3a 100644
--- a/te_macros
+++ b/te_macros
@@ -301,9 +301,6 @@
# Ability to write to android log
# daemon via sockets
define(`write_logd', `
-userdebug_or_eng(`
- allow $1 logd_debug:file w_file_perms;
-')
unix_socket_send($1, logdw, logd)
allow $1 pmsg_device:chr_file w_file_perms;
')