Move mdnsd policy to private
This leaves only the existence of mdnsd domain as public API. All
other rules are implementation details of this domains's policy and
are thus now private.
Test: No change to policy according to sesearch, except for
disappearance of all allow rules to do with mdnsd_current (as
expected).
Bug: 31364497
Change-Id: Ia4f01d91e7d593401e8cde2d796a0f1023f6dae4
diff --git a/private/mdnsd.te b/private/mdnsd.te
index 54659d1..2fefc32 100644
--- a/private/mdnsd.te
+++ b/private/mdnsd.te
@@ -1,3 +1,11 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+# mdns daemon
+
+typeattribute mdnsd mlstrustedsubject;
+
+type mdnsd_exec, exec_type, file_type;
init_daemon_domain(mdnsd)
+
+net_domain(mdnsd)
+
+# Read from /proc/net
+r_dir_file(mdnsd, proc_net)
diff --git a/public/mdnsd.te b/public/mdnsd.te
index c32b433..ef7b065 100644
--- a/public/mdnsd.te
+++ b/public/mdnsd.te
@@ -1,8 +1,2 @@
# mdns daemon
-type mdnsd, domain, mlstrustedsubject;
-type mdnsd_exec, exec_type, file_type;
-
-net_domain(mdnsd)
-
-# Read from /proc/net
-r_dir_file(mdnsd, proc_net)
+type mdnsd, domain;