Merge "Remove references to nonplat sepolicy" am: 37919f5b87 am: 012a7d8166 am: 91850c27fb am: 61682bd7da am: a3b021024d
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1882149
Change-Id: I6151804967293ae766fdf74e9485e56eea88731d
diff --git a/private/compat/31.0/31.0.cil b/private/compat/31.0/31.0.cil
index a71eec4..061edca 100644
--- a/private/compat/31.0/31.0.cil
+++ b/private/compat/31.0/31.0.cil
@@ -4,6 +4,7 @@
(type apex_scheduling_data_file)
(type apex_wifi_data_file)
(type healthd_exec)
+(type nonplat_service_contexts_file)
(type vr_hwc)
(type vr_hwc_exec)
diff --git a/private/file_contexts b/private/file_contexts
index 14a56d5..3049bc6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -48,29 +48,21 @@
# SELinux policy files
/vendor_file_contexts u:object_r:file_contexts_file:s0
-/nonplat_file_contexts u:object_r:file_contexts_file:s0
/plat_file_contexts u:object_r:file_contexts_file:s0
/product_file_contexts u:object_r:file_contexts_file:s0
/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
-/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
/plat_property_contexts u:object_r:property_contexts_file:s0
/product_property_contexts u:object_r:property_contexts_file:s0
-/nonplat_property_contexts u:object_r:property_contexts_file:s0
/vendor_property_contexts u:object_r:property_contexts_file:s0
/seapp_contexts u:object_r:seapp_contexts_file:s0
-/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
/vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
/sepolicy u:object_r:sepolicy_file:s0
/plat_service_contexts u:object_r:service_contexts_file:s0
/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/plat_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
-/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-# Use nonplat_service_contexts_file to allow servicemanager to read it
-# on non full-treble devices.
-/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
-/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
/vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/vndservice_contexts u:object_r:vndservice_contexts_file:s0
@@ -402,8 +394,6 @@
# HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
-/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-
/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
#############################
diff --git a/public/file.te b/public/file.te
index 6e2adde..adda969 100644
--- a/public/file.te
+++ b/public/file.te
@@ -566,9 +566,6 @@
# vendor service_contexts file
type vendor_service_contexts_file, vendor_file_type, file_type;
-# nonplat service_contexts file (only accessible on non full-treble devices)
-type nonplat_service_contexts_file, vendor_file_type, file_type;
-
# hwservice_contexts file
type hwservice_contexts_file, system_file_type, file_type;
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 63fc227..a085a61 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -22,7 +22,7 @@
allow servicemanager vendor_service_contexts_file:file r_file_perms;
# nonplat_service_contexts only accessible on non full-treble devices
-not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+not_full_treble(`allow servicemanager vendor_service_contexts_file:file r_file_perms;')
add_service(servicemanager, service_manager_service)
allow servicemanager dumpstate:fd use;