Revert "Make transition to "postinstall" domain explicit."

This reverts commit 20e3960e245f6dfa57fa5c9124b0fd33e679f723.

Bug: 28008031

Change-Id: If5fcb949dee91779bea465793ec2b333d27a704e
diff --git a/Android.mk b/Android.mk
index 633baa2..afb14a6 100644
--- a/Android.mk
+++ b/Android.mk
@@ -149,7 +149,6 @@
 ue_libpayload_consumer_exported_shared_libraries := \
     libcrypto-host \
     libcurl-host \
-    libselinux \
     libssl-host \
     $(ue_update_metadata_protos_exported_shared_libraries)
 
diff --git a/common/subprocess.cc b/common/subprocess.cc
index 9473f10..9738b1d 100644
--- a/common/subprocess.cc
+++ b/common/subprocess.cc
@@ -32,9 +32,6 @@
 #include <base/strings/stringprintf.h>
 #include <brillo/process.h>
 #include <brillo/secure_blob.h>
-#ifdef __ANDROID__
-#include <selinux/selinux.h>
-#endif  // __ANDROID__
 
 #include "update_engine/common/utils.h"
 
@@ -47,9 +44,7 @@
 
 namespace {
 
-bool SetupChild(const std::map<string, string>& env,
-                uint32_t flags,
-                const char* se_domain) {
+bool SetupChild(const std::map<string, string>& env, uint32_t flags) {
   // Setup the environment variables.
   clearenv();
   for (const auto& key_value : env) {
@@ -68,15 +63,6 @@
     return false;
   IGNORE_EINTR(close(fd));
 
-#ifdef __ANDROID__
-  // setexeccon(3) accepts a nullptr to indicate the default context policy.
-  if (setexeccon(se_domain) < 0) {
-    PLOG(ERROR) << "Error setting the SELinux domain to "
-                << (se_domain ? se_domain : "<nullptr>");
-    return false;
-  }
-#endif  // __ANDROID__
-
   return true;
 }
 
@@ -88,7 +74,6 @@
 bool LaunchProcess(const vector<string>& cmd,
                    uint32_t flags,
                    const vector<int>& output_pipes,
-                   const char* se_domain,
                    brillo::Process* proc) {
   for (const string& arg : cmd)
     proc->AddArg(arg);
@@ -107,7 +92,7 @@
   }
   proc->SetCloseUnusedFileDescriptors(true);
   proc->RedirectUsingPipe(STDOUT_FILENO, false);
-  proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags, se_domain));
+  proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags));
 
   return proc->Start();
 }
@@ -185,17 +170,16 @@
 
 pid_t Subprocess::Exec(const vector<string>& cmd,
                        const ExecCallback& callback) {
-  return ExecFlags(cmd, kRedirectStderrToStdout, {}, nullptr, callback);
+  return ExecFlags(cmd, kRedirectStderrToStdout, {}, callback);
 }
 
 pid_t Subprocess::ExecFlags(const vector<string>& cmd,
                             uint32_t flags,
                             const vector<int>& output_pipes,
-                            const char* se_domain,
                             const ExecCallback& callback) {
   unique_ptr<SubprocessRecord> record(new SubprocessRecord(callback));
 
-  if (!LaunchProcess(cmd, flags, output_pipes, se_domain, &record->proc)) {
+  if (!LaunchProcess(cmd, flags, output_pipes, &record->proc)) {
     LOG(ERROR) << "Failed to launch subprocess";
     return 0;
   }
@@ -264,7 +248,7 @@
   // It doesn't make sense to redirect some pipes in the synchronous case
   // because we won't be reading on our end, so we don't expose the output_pipes
   // in this case.
-  if (!LaunchProcess(cmd, flags, {}, nullptr, &proc)) {
+  if (!LaunchProcess(cmd, flags, {}, &proc)) {
     LOG(ERROR) << "Failed to launch subprocess";
     return false;
   }
diff --git a/common/subprocess.h b/common/subprocess.h
index 6c99c8d..b655fb7 100644
--- a/common/subprocess.h
+++ b/common/subprocess.h
@@ -73,7 +73,6 @@
   pid_t ExecFlags(const std::vector<std::string>& cmd,
                   uint32_t flags,
                   const std::vector<int>& output_pipes,
-                  const char* se_domain,
                   const ExecCallback& callback);
 
   // Kills the running process with SIGTERM and ignores the callback.
diff --git a/common/subprocess_unittest.cc b/common/subprocess_unittest.cc
index d5e33bb..5ca44e8 100644
--- a/common/subprocess_unittest.cc
+++ b/common/subprocess_unittest.cc
@@ -148,7 +148,6 @@
       {kBinPath "/sh", "-c", "echo on stdout; echo on stderr >&2"},
       0,
       {},
-      nullptr,
       base::Bind(&ExpectedResults, 0, "on stdout\n")));
   loop_.Run();
 }
@@ -159,7 +158,6 @@
       {kBinPath "/sh", "-c", "echo on pipe >&3"},
       0,
       {3},
-      nullptr,
       base::Bind(&ExpectedDataOnPipe, &subprocess_, &pid, 3, "on pipe\n", 0));
   EXPECT_NE(0, pid);
 
@@ -176,7 +174,10 @@
   const vector<string> cmd = {kBinPath "/sh", "-c",
      base::StringPrintf("echo on pipe >/proc/self/fd/%d", pipe.writer)};
   EXPECT_TRUE(subprocess_.ExecFlags(
-      cmd, 0, {}, nullptr, base::Bind(&ExpectedResults, 1, "")));
+      cmd,
+      0,
+      {},
+      base::Bind(&ExpectedResults, 1, "")));
   loop_.Run();
 }
 
diff --git a/p2p_manager.cc b/p2p_manager.cc
index bcfe156..127e5ff 100644
--- a/p2p_manager.cc
+++ b/p2p_manager.cc
@@ -396,10 +396,7 @@
 
     // We expect to run just "p2p-client" and find it in the path.
     child_pid_ = Subprocess::Get().ExecFlags(
-        cmd,
-        Subprocess::kSearchPath,
-        {},
-        nullptr,
+        cmd, Subprocess::kSearchPath, {},
         Bind(&LookupData::OnLookupDone, base::Unretained(this)));
 
     if (!child_pid_) {
diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index dc4af71..db1ec3c 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc
@@ -43,9 +43,6 @@
 // sample_images.sh file.
 const int kPostinstallStatusFd = 3;
 
-// The SELinux domain where the postinstall program runs.
-const char* kPostinstallDomain = "postinstall";
-
 }  // namespace
 
 namespace chromeos_update_engine {
@@ -170,7 +167,6 @@
       command,
       Subprocess::kRedirectStderrToStdout,
       {kPostinstallStatusFd},
-      kPostinstallDomain,
       base::Bind(&PostinstallRunnerAction::CompletePartitionPostinstall,
                  base::Unretained(this)));
   // Subprocess::Exec should never return a negative process id.