Remove com.android.sepolicy policy
Bug: 297794885
Test: presubmit
Change-Id: I91b1584fe2e13322cd3a0add92887097e190246e
diff --git a/Android.bp b/Android.bp
index 3c53931..1d06d7d 100644
--- a/Android.bp
+++ b/Android.bp
@@ -207,36 +207,6 @@
}
-se_policy_conf {
- name: "apex_sepolicy-33.conf",
- srcs: plat_public_policy + plat_private_policy + ["com.android.sepolicy/33/*.te"],
- installable: false,
-}
-
-se_policy_cil {
- name: "apex_sepolicy-33.cil",
- src: ":apex_sepolicy-33.conf",
- filter_out: [":plat_sepolicy.cil"],
- installable: false,
- stem: "apex_sepolicy.cil",
-}
-
-se_policy_cil {
- name: "decompiled_sepolicy-without_apex.cil",
- src: ":precompiled_sepolicy-without_apex",
- decompile_binary: true,
-}
-
-se_policy_cil {
- name: "apex_sepolicy-33.decompiled.cil",
- src: ":precompiled_sepolicy",
- decompile_binary: true,
- filter_out: [":decompiled_sepolicy-without_apex.cil"],
- additional_cil_files: ["com.android.sepolicy/33/definitions/definitions.cil"],
- secilc_check: false,
- stem: "apex_sepolicy.decompiled.cil",
-}
-
// userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
se_policy_conf {
name: "userdebug_plat_sepolicy.conf",
@@ -470,9 +440,6 @@
// AND
// - product_sepolicy_and_mapping.sha256 equals
// precompiled_sepolicy.product_sepolicy_and_mapping.sha256
-// AND
-// - apex_sepolicy.sha256 equals
-// precompiled_sepolicy.apex_sepolicy.sha256
// See system/core/init/selinux.cpp for details.
//////////////////////////////////
genrule {
@@ -490,20 +457,6 @@
}
genrule {
- name: "apex_sepolicy.sha256_gen",
- srcs: [":apex_sepolicy-33.cil"],
- out: ["apex_sepolicy.sha256"],
- cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
-}
-
-prebuilt_etc {
- name: "apex_sepolicy.sha256",
- filename: "apex_sepolicy.sha256",
- src: ":apex_sepolicy.sha256_gen",
- installable: false,
-}
-
-genrule {
name: "system_ext_sepolicy_and_mapping.sha256_gen",
srcs: [":system_ext_sepolicy.cil", ":system_ext_mapping_file"],
out: ["system_ext_sepolicy_and_mapping.sha256"],
@@ -572,18 +525,6 @@
}
//////////////////////////////////
-// SHA-256 digest of the apex_sepolicy.cil against which precompiled_policy
-// was built.
-//////////////////////////////////
-prebuilt_etc {
- defaults: ["precompiled_sepolicy_prebuilts"],
- name: "precompiled_sepolicy.apex_sepolicy.sha256",
- filename: "precompiled_sepolicy.apex_sepolicy.sha256",
- src: ":apex_sepolicy.sha256_gen",
- relative_install_path: "selinux",
-}
-
-//////////////////////////////////
// SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
// which precompiled_policy was built.
//////////////////////////////////
@@ -619,36 +560,6 @@
name: "precompiled_sepolicy",
srcs: [
":plat_sepolicy.cil",
- ":apex_sepolicy-33.cil",
- ":plat_pub_versioned.cil",
- ":system_ext_sepolicy.cil",
- ":product_sepolicy.cil",
- ":vendor_sepolicy.cil",
- ":odm_sepolicy.cil",
- ":plat_mapping_file",
- ":system_ext_mapping_file",
- ":product_mapping_file",
- ],
- soong_config_variables: {
- BOARD_USES_ODMIMAGE: {
- device_specific: true,
- conditions_default: {
- vendor: true,
- },
- },
- },
- required: [
- "sepolicy_neverallows",
- ],
- dist: {
- targets: ["base-sepolicy-files-for-mapping"],
- },
-}
-
-precompiled_se_policy_binary {
- name: "precompiled_sepolicy-without_apex",
- srcs: [
- ":plat_sepolicy.cil",
":plat_pub_versioned.cil",
":system_ext_sepolicy.cil",
":product_sepolicy.cil",
diff --git a/apex/Android.bp b/apex/Android.bp
index 9929c24..45a397a 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -192,13 +192,6 @@
}
filegroup {
- name: "com.android.sepolicy-file_contexts",
- srcs: [
- "com.android.sepolicy-file_contexts",
- ],
-}
-
-filegroup {
name: "com.android.tzdata-file_contexts",
srcs: [
"com.android.tzdata-file_contexts",
diff --git a/apex/com.android.sepolicy-file_contexts b/apex/com.android.sepolicy-file_contexts
deleted file mode 100644
index 83b4b58..0000000
--- a/apex/com.android.sepolicy-file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-(/.*)? u:object_r:system_file:s0
diff --git a/com.android.sepolicy/33/Android.bp b/com.android.sepolicy/33/Android.bp
deleted file mode 100644
index f3387ac..0000000
--- a/com.android.sepolicy/33/Android.bp
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (C) 2021 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- // http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // the below license kinds from "system_sepolicy_license":
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["system_sepolicy_license"],
-}
-
-genrule {
- name: "apex_file_contexts-33.gen",
- defaults: ["sepolicy_file_contexts_gen_default"],
- srcs: ["file_contexts"],
- out: ["apex_file_contexts-33"],
-}
-
-prebuilt_etc {
- name: "apex_file_contexts-33",
- filename: "apex_file_contexts",
- src: ":apex_file_contexts-33.gen",
- installable: false,
-}
-
-prebuilt_etc {
- name: "apex_property_contexts-33",
- filename: "apex_property_contexts",
- src: "property_contexts",
- installable: false,
-}
-
-prebuilt_etc {
- name: "apex_service_contexts-33",
- filename: "apex_service_contexts",
- src: "service_contexts",
- installable: false,
-}
-
-prebuilt_etc {
- name: "apex_seapp_contexts-33",
- filename: "apex_seapp_contexts",
- src: "seapp_contexts",
- installable: false,
-}
diff --git a/com.android.sepolicy/33/definitions/definitions.cil b/com.android.sepolicy/33/definitions/definitions.cil
deleted file mode 100644
index ffe4660..0000000
--- a/com.android.sepolicy/33/definitions/definitions.cil
+++ /dev/null
@@ -1,15 +0,0 @@
-; This file is required for sepolicy amend (go/seamendc).
-; The seamendc binary reads an amend SELinux policy as input in CIL format and applies its rules to
-; a binary SELinux policy. To parse the input correctly, we require the amend policy to be a valid
-; standalone policy. This file contains the preliminary statements(sid, sidorder, etc.) and
-; definitions (type, typeattribute, class, etc.) necessary to make the amend policy compile
-; successfully.
-(sid amend)
-(sidorder (amend))
-
-(classorder (file))
-
-;;;;;;;;;;;;;;;;;;;;;; shell.te ;;;;;;;;;;;;;;;;;;;;;;
-(type shell)
-(type sepolicy_test_file)
-(class file (ioctl read getattr lock map open watch watch_reads))
diff --git a/com.android.sepolicy/33/file_contexts b/com.android.sepolicy/33/file_contexts
deleted file mode 100644
index 14f99f9..0000000
--- a/com.android.sepolicy/33/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/dev/selinux/apex_test u:object_r:sepolicy_test_file:s0
diff --git a/com.android.sepolicy/33/property_contexts b/com.android.sepolicy/33/property_contexts
deleted file mode 100644
index e69de29..0000000
--- a/com.android.sepolicy/33/property_contexts
+++ /dev/null
diff --git a/com.android.sepolicy/33/seapp_contexts b/com.android.sepolicy/33/seapp_contexts
deleted file mode 100644
index e69de29..0000000
--- a/com.android.sepolicy/33/seapp_contexts
+++ /dev/null
diff --git a/com.android.sepolicy/33/service_contexts b/com.android.sepolicy/33/service_contexts
deleted file mode 100644
index e69de29..0000000
--- a/com.android.sepolicy/33/service_contexts
+++ /dev/null
diff --git a/com.android.sepolicy/33/shell.te b/com.android.sepolicy/33/shell.te
deleted file mode 100644
index 757328e..0000000
--- a/com.android.sepolicy/33/shell.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow shell sepolicy_test_file:file r_file_perms;
-
diff --git a/com.android.sepolicy/Android.bp b/com.android.sepolicy/Android.bp
deleted file mode 100644
index 1e042f3..0000000
--- a/com.android.sepolicy/Android.bp
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright (C) 2021 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- // http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // the below license kinds from "system_sepolicy_license":
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["system_sepolicy_license"],
-}
-
-genrule_defaults {
- name: "sepolicy_file_contexts_gen_default",
- tools: ["fc_sort"],
- cmd: "sed -e 's/#.*$$//' -e '/^$$/d' $(in) > $(out).tmp && " +
- "$(location fc_sort) -i $(out).tmp -o $(out)",
-}