Merge "Revert "Add sepolicy for terminal app for composite disk and disk resizing"" into main
diff --git a/private/domain.te b/private/domain.te
index 515317b..a15c176 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1747,19 +1747,11 @@
-artd # compile secondary dex files
-installd
} {
+ privapp_data_file
app_data_file
is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `storage_area_content_file')
}:dir_file_class_set { relabelfrom relabelto };
-neverallow {
- domain
- -artd # compile secondary dex files
- -installd
- -vmlauncher_app # it still cannot relabel files belong to other apps due to UID mismatch
-} {
- privapp_data_file
-}:dir_file_class_set { relabelfrom relabelto };
-
is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `
neverallow {
domain
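Review bot: The added `privapp_data_file` entry places privileged-app data under the same exception list as `app_data_file`, so a domain later subtracted from this neverallow for one type is silently exempted for the other as well. Nothing in the hunk records that this coupling is intended. A comment above the rule would help, for example `# privapp_data_file and app_data_file deliberately share one exception list for relabelfrom/relabelto.` The opening of this neverallow lies outside the hunk, so a rationale comment may already exist there; the only exceptions visible here are `-artd` and `-installd`. Because neverallow rules are enforced when the policy is compiled, it is also worth confirming that no allow rule outside the files in this diff still grants `relabelfrom` or `relabelto` on `privapp_data_file` to any other domain.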
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index a78d974..1acf734 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -124,7 +124,6 @@
-init
-virtualizationmanager
-virtualizationservice
- -vmlauncher_app
} virtualizationservice_data_file:file { open create };
neverallow virtualizationservice {
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
index 934031a..8597fcd 100644
--- a/private/vmlauncher_app.te
+++ b/private/vmlauncher_app.te
@@ -13,9 +13,6 @@
allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans };
-allow vmlauncher_app virtualizationservice_data_file:file { read relabelto open write unlink rename };
-allow vmlauncher_app privapp_data_file:file { relabelfrom };
-
is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
# TODO(b/332677707): remove them when display service uses binder RPC.
allow vmlauncher_app virtualization_service:service_manager find;