Remove su_exec from Microdroid
Microdroid doesn't have the `su` executable, so remove the su_exec type
and every reference to it.
Bug: N/A
Test: run Microdroid instance and adb root works.
Change-Id: If6c356acbf85ba20a1face3e29e4cb38d002ea06
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index 04a9859..7d4fc8a 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -418,11 +418,6 @@
# Feature parity with Chromium LSM.
neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
-# Nobody should be able to execute su on user builds.
-# On userdebug/eng builds, only shell, and
-# su itself execute su.
-neverallow { domain userdebug_or_eng(`-shell -su') } su_exec:file no_x_file_perms;
-
neverallow { domain -init } proc:{ file dir } mounton;
# Ensure that all types assigned to processes are included
diff --git a/microdroid/system/private/su.te b/microdroid/system/private/su.te
index 1196262..6b7c18c 100644
--- a/microdroid/system/private/su.te
+++ b/microdroid/system/private/su.te
@@ -1,8 +1,6 @@
userdebug_or_eng(`
typeattribute su coredomain;
- domain_auto_trans(shell, su_exec, su)
-
# su is also permissive to permit setenforce.
permissive su;
diff --git a/microdroid/system/public/su.te b/microdroid/system/public/su.te
index dbb3158..4065f4a 100644
--- a/microdroid/system/public/su.te
+++ b/microdroid/system/public/su.te
@@ -5,9 +5,6 @@
# policy compilation succeeds with userdebug/user combination at boot
type su, domain;
-# File types must be defined for file_contexts.
-type su_exec, system_file_type, exec_type, file_type;
-
userdebug_or_eng(`
# Add su to various domains
net_domain(su)