Merge "Revert "Add rules for reading VM DTBO by vfio_handler"" into main
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index d9c8d1d..7558604 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -7,7 +7,6 @@
( new_objects
archive_service
ota_build_prop
- dtbo_block_device
snapuserd_log_data_file
hal_threadnetwork_service
virtual_camera_service
diff --git a/private/vfio_handler.te b/private/vfio_handler.te
index 3bed3c6..2a0bd37 100644
--- a/private/vfio_handler.te
+++ b/private/vfio_handler.te
@@ -27,9 +27,5 @@
# vfio_handler can only use fd from virtualizationmanager, and can't open files itself
neverallow vfio_handler virtualizationservice_data_file:file { open create };
-# Allow vfio_handler to search /dev/block for accessing dtbo.img
-allow vfio_handler block_device:dir search;
-allow vfio_handler dtbo_block_device:blk_file r_file_perms;
-
# Only vfio_handler can add vfio_handler_service
neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
diff --git a/public/device.te b/public/device.te
index 4a824c9..36299d3 100644
--- a/public/device.te
+++ b/public/device.te
@@ -93,10 +93,6 @@
# Documented at https://source.android.com/devices/bootloader/partitions
type boot_block_device, dev_type;
-# dtbo block device, type used for getting DTBO information for AVF.
-# Documented at https://source.android.com/docs/core/architecture/dto/partitions
-type dtbo_block_device, dev_type;
-
# Userdata block device mounted on /data.
# Documented at https://source.android.com/devices/bootloader/partitions
type userdata_block_device, dev_type;