Merge "debuggerd.te: remove domain_deprecated"
diff --git a/private/atrace.te b/private/atrace.te
index e974b69..7a7a4ca 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -1,3 +1,3 @@
userdebug_or_eng(`
init_daemon_domain(atrace)
-')
\ No newline at end of file
+')
diff --git a/private/file_contexts b/private/file_contexts
index 4719f10..83d179d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -106,7 +106,6 @@
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
-/dev/socket/installd u:object_r:installd_socket:s0
/dev/socket/lmkd u:object_r:lmkd_socket:s0
/dev/socket/logd u:object_r:logd_socket:s0
/dev/socket/logdr u:object_r:logdr_socket:s0
diff --git a/private/hci_attach.te b/private/hci_attach.te
deleted file mode 100644
index c8ba3f6..0000000
--- a/private/hci_attach.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
-init_daemon_domain(hci_attach)
\ No newline at end of file
diff --git a/private/inputflinger.te b/private/inputflinger.te
index 0d3782f..dae01f8 100644
--- a/private/inputflinger.te
+++ b/private/inputflinger.te
@@ -1,3 +1,3 @@
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
-init_daemon_domain(inputflinger)
\ No newline at end of file
+init_daemon_domain(inputflinger)
diff --git a/private/nfc.te b/private/nfc.te
index 52b0d20..bcfae5b 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -1 +1 @@
-app_domain(nfc)
\ No newline at end of file
+app_domain(nfc)
diff --git a/private/perfprofd.te b/private/perfprofd.te
index 1d2d084..2b06cd9 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -1,3 +1,3 @@
userdebug_or_eng(`
init_daemon_domain(perfprofd)
-')
\ No newline at end of file
+')
diff --git a/private/platform_app.te b/private/platform_app.te
index 93cdc75..f156cc1 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -1 +1 @@
-app_domain(platform_app)
\ No newline at end of file
+app_domain(platform_app)
diff --git a/private/radio.te b/private/radio.te
index dede5d7..76dbf1c 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -1 +1 @@
-app_domain(radio)
\ No newline at end of file
+app_domain(radio)
diff --git a/private/system_server.te b/private/system_server.te
index 5859ca4..7e0c2fb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -12,4 +12,4 @@
type_transition system_server wpa_socket:sock_file system_wpa_socket;
# TODO: deal with tmpfs_domain pub/priv split properly
-neverallow system_server system_server_tmpfs:file execute;
\ No newline at end of file
+neverallow system_server system_server_tmpfs:file execute;
diff --git a/public/app.te b/public/app.te
index ffd647e..064b25f 100644
--- a/public/app.te
+++ b/public/app.te
@@ -334,7 +334,6 @@
# Unix domain sockets.
neverallow appdomain adbd_socket:sock_file write;
-neverallow appdomain installd_socket:sock_file write;
neverallow { appdomain -radio } rild_socket:sock_file write;
neverallow appdomain vold_socket:sock_file write;
neverallow appdomain zygote_socket:sock_file write;
diff --git a/public/blkid.te b/public/blkid.te
index 43bc944..c8df183 100644
--- a/public/blkid.te
+++ b/public/blkid.te
@@ -1,5 +1,5 @@
# blkid called from vold
-type blkid, domain, domain_deprecated;
+type blkid, domain;
type blkid_exec, exec_type, file_type;
# Allowed read-only access to encrypted devices to extract UUID/label
diff --git a/public/blkid_untrusted.te b/public/blkid_untrusted.te
index da3bdac..cbbbbae 100644
--- a/public/blkid_untrusted.te
+++ b/public/blkid_untrusted.te
@@ -1,5 +1,5 @@
# blkid for untrusted block devices
-type blkid_untrusted, domain, domain_deprecated;
+type blkid_untrusted, domain;
# Allowed read-only access to vold block devices to extract UUID/label
allow blkid_untrusted block_device:dir search;
diff --git a/public/bootstat.te b/public/bootstat.te
index 82d730c..98b2565 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -7,4 +7,4 @@
allow bootstat bootstat_data_file:file create_file_perms;
# Read access to pseudo filesystems (for /proc/uptime).
-r_dir_file(bootstat, proc)
\ No newline at end of file
+r_dir_file(bootstat, proc)
diff --git a/public/dnsmasq.te b/public/dnsmasq.te
index c52640f..ccac69a 100644
--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
@@ -1,5 +1,5 @@
# DNS, DHCP services
-type dnsmasq, domain, domain_deprecated;
+type dnsmasq, domain;
type dnsmasq_exec, exec_type, file_type;
net_domain(dnsmasq)
diff --git a/public/file.te b/public/file.te
index 57f99cb..80df22d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -217,7 +217,6 @@
type dnsproxyd_socket, file_type, mlstrustedobject;
type dumpstate_socket, file_type;
type fwmarkd_socket, file_type, mlstrustedobject;
-type installd_socket, file_type;
type lmkd_socket, file_type;
type logd_socket, file_type, mlstrustedobject;
type logdr_socket, file_type, mlstrustedobject;
diff --git a/public/hci_attach.te b/public/hci_attach.te
deleted file mode 100644
index 04b6113..0000000
--- a/public/hci_attach.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type hci_attach, domain, domain_deprecated;
-type hci_attach_exec, exec_type, file_type;
-
-allow hci_attach kernel:system module_request;
-allow hci_attach hci_attach_dev:chr_file rw_file_perms;
-allow hci_attach bluetooth_efs_file:dir r_dir_perms;
-allow hci_attach bluetooth_efs_file:file r_file_perms;
diff --git a/public/idmap.te b/public/idmap.te
index c1b4d0f..1ab497e 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -1,5 +1,5 @@
# idmap, when executed by installd
-type idmap, domain, domain_deprecated;
+type idmap, domain;
type idmap_exec, exec_type, file_type;
# Use open file to /data/resource-cache file inherited from installd.
diff --git a/public/nfc.te b/public/nfc.te
index f887c28..9296a72 100644
--- a/public/nfc.te
+++ b/public/nfc.te
@@ -1,5 +1,5 @@
# nfc subsystem
-type nfc, domain, domain_deprecated;
+type nfc, domain;
net_domain(nfc)
binder_service(nfc)
diff --git a/public/radio.te b/public/radio.te
index 07444af..d46fc89 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -39,4 +39,4 @@
# Allow access to hwservicemanager for binderized hal
binder_call(radio, hwservicemanager)
-binder_call(radio, rild)
\ No newline at end of file
+binder_call(radio, rild)
diff --git a/public/sgdisk.te b/public/sgdisk.te
index 43636d4..3007398 100644
--- a/public/sgdisk.te
+++ b/public/sgdisk.te
@@ -1,5 +1,5 @@
# sgdisk called from vold
-type sgdisk, domain, domain_deprecated;
+type sgdisk, domain;
type sgdisk_exec, exec_type, file_type;
# Allowed to read/write low-level partition tables
diff --git a/public/surfaceflinger.te b/public/surfaceflinger.te
index 608afc5..699984f 100644
--- a/public/surfaceflinger.te
+++ b/public/surfaceflinger.te
@@ -1,5 +1,5 @@
# surfaceflinger - display compositor service
-type surfaceflinger, domain, domain_deprecated;
+type surfaceflinger, domain;
type surfaceflinger_exec, exec_type, file_type;
typeattribute surfaceflinger mlstrustedsubject;
diff --git a/public/system_server.te b/public/system_server.te
index 5d0ac00..36e95ab 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -131,7 +131,6 @@
allow system_server self:tun_socket create_socket_perms_no_ioctl;
# Talk to init and various daemons via sockets.
-unix_socket_connect(system_server, installd, installd)
unix_socket_connect(system_server, lmkd, lmkd)
unix_socket_connect(system_server, mtpd, mtp)
unix_socket_connect(system_server, netd, netd)
diff --git a/public/tzdatacheck.te b/public/tzdatacheck.te
index 37daa75..93ae165 100644
--- a/public/tzdatacheck.te
+++ b/public/tzdatacheck.te
@@ -1,5 +1,5 @@
# The tzdatacheck command run by init.
-type tzdatacheck, domain, domain_deprecated;
+type tzdatacheck, domain;
type tzdatacheck_exec, exec_type, file_type;
allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
diff --git a/public/vdc.te b/public/vdc.te
index 394ac96..67fb7a3 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -5,7 +5,7 @@
# We also transition into this domain from dumpstate, when
# collecting bug reports.
-type vdc, domain, domain_deprecated;
+type vdc, domain;
type vdc_exec, exec_type, file_type;
unix_socket_connect(vdc, vold, vold)