vendor: remove custom sepolicies for now
Change-Id: I971a0f8f5e966738f3128519e54ddf638f920ff5
diff --git a/sepolicy/app.te b/sepolicy/app.te
index ab082a9..f76d836 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -1,5 +1,5 @@
# Access OBBs (sdcard_posix) mounted by vold
# File write access allowed for FDs returned through Storage Access Framework
-allow appdomain sdcard_posix:dir r_dir_perms;
-allow appdomain sdcard_posix:file rw_file_perms;
+#allow appdomain sdcard_posix:dir r_dir_perms;
+#allow appdomain sdcard_posix:file rw_file_perms;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index b16b25b..18780db 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -2,6 +2,6 @@
# OmniROM common sepolicy
#
-type sysfs_ioscheduler, fs_type, sysfs_type;
-type sysfs_zram, fs_type, sysfs_type;
-type sysfs_ksm, fs_type, sysfs_type;
+#type sysfs_ioscheduler, fs_type, sysfs_type;
+#type sysfs_zram, fs_type, sysfs_type;
+#type sysfs_ksm, fs_type, sysfs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index fab68a8..e8d6201 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -3,12 +3,12 @@
#
# performance-related sysfs files
-/sys/kernel/mm/ksm(/.*)? u:object_r:sysfs_ksm:s0
+#/sys/kernel/mm/ksm(/.*)? u:object_r:sysfs_ksm:s0
/sys/block/zram(/.*)? u:object_r:sysfs_zram:s0
-/sys/block/mmcblk([0-2])/queue/scheduler -- u:object_r:sysfs_ioscheduler:s0
-/sys/block/mmcblk([0-2])/queue/read_ahead_kb -- u:object_r:sysfs_ioscheduler:s0
-/sys/devices/.*/queue/scheduler -- u:object_r:sysfs_ioscheduler:s0
-/sys/devices/.*/queue/read_ahead_kb -- u:object_r:sysfs_ioscheduler:s0
+#/sys/block/mmcblk([0-2])/queue/scheduler -- u:object_r:sysfs_ioscheduler:s0
+#/sys/block/mmcblk([0-2])/queue/read_ahead_kb -- u:object_r:sysfs_ioscheduler:s0
+#/sys/devices/.*/queue/scheduler -- u:object_r:sysfs_ioscheduler:s0
+#/sys/devices/.*/queue/read_ahead_kb -- u:object_r:sysfs_ioscheduler:s0
/system/bin/sysinit u:object_r:sysinit_exec:s0
/system/etc/init.d/90userinit u:object_r:userinit_exec:s0
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index c2f47fb..707592e 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -3,6 +3,6 @@
#
# treat fuseblk as sdcard_external
-genfscon fuseblk / u:object_r:sdcard_external:s0
-genfscon exfat / u:object_r:sdcard_external:s0
-genfscon ntfs / u:object_r:sdcard_external:s0
+#genfscon fuseblk / u:object_r:sdcard_external:s0
+#genfscon exfat / u:object_r:sdcard_external:s0
+#genfscon ntfs / u:object_r:sdcard_external:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 853faa2..0fef3e7 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -3,4 +3,4 @@
#
# damn!
-allow init sysfs_ioscheduler:file rw_file_perms;
+#allow init sysfs_ioscheduler:file rw_file_perms;
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
index 7b32027..449d35b 100644
--- a/sepolicy/installd.te
+++ b/sepolicy/installd.te
@@ -1,4 +1,4 @@
# Allow querying of asec size on SD card
-allow installd sdcard_external:dir { search };
-allow installd sdcard_external:file { getattr };
+#allow installd sdcard_external:dir { search };
+#allow installd sdcard_external:file { getattr };
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index d01f20f..5cd18a3 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,10 +1,10 @@
# Direct access to vold-mounted storage under /mnt/media_rw
# This is a performance optimization that allows platform apps to bypass the FUSE layer
-allow platform_app sdcard_posix:dir create_dir_perms;
-allow platform_app sdcard_posix:file create_file_perms;
+#allow platform_app sdcard_posix:dir create_dir_perms;
+#allow platform_app sdcard_posix:file create_file_perms;
# e.g. renderscript in Gallery2 wants execute perms
-allow platform_app app_data_file:file execute;
+#allow platform_app app_data_file:file execute;
# gallery2 crop avatar
-allow platform_app system_app_data_file:file { create_file_perms rw_file_perms };
+#allow platform_app system_app_data_file:file { create_file_perms rw_file_perms };
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 7d8a42e..a142f29 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -3,11 +3,11 @@
#
allow system_app sysfs_lowmemorykiller:file rw_file_perms;
-allow system_app sysfs_devices_system_cpu:file rw_file_perms;
-allow system_app sysfs_ioscheduler:file rw_file_perms;
-allow system_app sysfs_zram:file rw_file_perms;
-allow system_app sysfs_ksm:file rw_file_perms;
+#allow system_app sysfs_devices_system_cpu:file rw_file_perms;
+#allow system_app sysfs_ioscheduler:file rw_file_perms;
+#allow system_app sysfs_zram:file rw_file_perms;
+#allow system_app sysfs_ksm:file rw_file_perms;
# Read /sys/kernel/debug/wakeup_sources.
-allow system_app debugfs:file r_file_perms;
+#allow system_app debugfs:file r_file_perms;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 14b4d34..fdbbd47 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -5,7 +5,7 @@
domain_trans(init, rootfs, vold)
# Allow vold to manage ASEC
-allow vold sdcard_external:file create_file_perms;
+#allow vold sdcard_external:file create_file_perms;
allow vold vold_tmpfs:file create_file_perms;
# Allow vold to access fuse for fuse-based fs