Collapse task_profiles_api_file into task_profiles_file
If ro.product.first_api_level is set, we first attempt to read
task_profiles_api_file before also reading task_profiles_file. There is
currently no point distinguishing between the API file and the regular
file in sepolicy.
Bug: 349105928
Change-Id: I7cc45fd994fd122bbd82fe0b27e0f0d7708e6149
diff --git a/private/domain.te b/private/domain.te
index 5b1364d..cbe706f 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -428,7 +428,6 @@
allow domain cgroup_rc_file:dir search;
allow domain cgroup_rc_file:file r_file_perms;
allow domain task_profiles_file:file r_file_perms;
-allow domain task_profiles_api_file:file r_file_perms;
allow domain vendor_cgroup_desc_file:file r_file_perms;
allow domain vendor_task_profiles_file:file r_file_perms;
@@ -1247,7 +1246,6 @@
-system_seccomp_policy_file
-system_security_cacerts_file
-system_zoneinfo_file
- -task_profiles_api_file
-task_profiles_file
userdebug_or_eng(`-tcpdump_exec')
# Vendor components still can invoke shell commands via /system/bin/sh
diff --git a/private/file_contexts b/private/file_contexts
index a70e143..37bdfef 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -385,7 +385,7 @@
/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0
-/system/etc/task_profiles/task_profiles_[0-9]+\.json u:object_r:task_profiles_api_file:s0
+/system/etc/task_profiles/task_profiles_[0-9]+\.json u:object_r:task_profiles_file:s0
/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0
/system/bin/adbd u:object_r:adbd_exec:s0
/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0