Revert "Root of /data belongs to init"
This reverts commit 206b6535f1b6793480062cb3d90f7e0af1004435.
Reason for revert: Droidfood is blocked
Bug: 140402208
Change-Id: I1d1eb014747ba5c5bb656342e53b8c4e434878d1
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 2079248..86f8a8d 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1780,7 +1780,7 @@
(typeattributeset system_block_device_29_0 (system_block_device))
(typeattributeset system_boot_reason_prop_29_0 (system_boot_reason_prop))
(typeattributeset system_bootstrap_lib_file_29_0 (system_bootstrap_lib_file))
-(typeattributeset system_data_file_29_0 (system_data_file system_data_root_file))
+(typeattributeset system_data_file_29_0 (system_data_file))
(typeattributeset system_event_log_tags_file_29_0 (system_event_log_tags_file))
(typeattributeset system_file_29_0 (system_file))
(typeattributeset systemkeys_data_file_29_0 (systemkeys_data_file))
diff --git a/private/file_contexts b/private/file_contexts
index 8849885..8b25cfd 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -434,8 +434,7 @@
# NOTE: When modifying existing label rules, changes may also need to
# propagate to the "Expanded data files" section.
#
-/data u:object_r:system_data_root_file:s0
-/data/(.*)? u:object_r:system_data_file:s0
+/data(/.*)? u:object_r:system_data_file:s0
/data/system/packages\.list u:object_r:packages_list_file:s0
/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0
/data/backup(/.*)? u:object_r:backup_data_file:s0
diff --git a/private/perfetto.te b/private/perfetto.te
index e95defa..419c4b9 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -69,7 +69,6 @@
neverallow perfetto {
data_file_type
-system_data_file
- -system_data_root_file
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
# neverallow. Currently only getattr and search are allowed.
-vendor_data_file
diff --git a/private/traced.te b/private/traced.te
index 42c6704..2d7d07f 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -62,7 +62,6 @@
neverallow traced {
data_file_type
-system_data_file
- -system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
# subsequent neverallow. Currently only getattr and search are allowed.
-vendor_data_file
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 97a7e6e..8746c34 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -101,7 +101,6 @@
-apk_data_file
-dalvikcache_data_file
-system_data_file
- -system_data_root_file
-system_app_data_file
-backup_data_file
-bootstat_data_file
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 6a68f1f..50efc22 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -2,6 +2,3 @@
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
dontaudit vendor_init sysfs:dir write;
-
-# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
-allow vendor_init system_data_root_file:dir rw_dir_perms;