sepolicy: nuke uncompatible policies for O bringup

Change-Id: If38fb14d420e7d1c07b7b65f3ead9a60ef0c9edb
diff --git a/sepolicy/app.te b/sepolicy/app.te
index ab082a9..f76d836 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -1,5 +1,5 @@
 # Access OBBs (sdcard_posix) mounted by vold
 # File write access allowed for FDs returned through Storage Access Framework
-allow appdomain sdcard_posix:dir r_dir_perms;
-allow appdomain sdcard_posix:file rw_file_perms;
+#allow appdomain sdcard_posix:dir r_dir_perms;
+#allow appdomain sdcard_posix:file rw_file_perms;
 
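Review bot: The two `sdcard_posix` rules are disabled by prefixing `#` rather than deleted, and nothing records why, so the header comments above them now describe access the policy no longer grants. Either delete the rules together with their comments, or put a marker above the commented lines such as `# Disabled for O bringup: <reason>; restore against the replacement type or delete once storage access is verified`. The same applies to the commented-out rules in sepolicy/platform_app.te and sepolicy/vold.te. Because the commit message gives no per-rule reason, it is worth confirming on an enforcing build that no `avc: denied` entries appear for `sdcard_posix` or `vold_tmpfs`, so that a later fix does not reintroduce broader access than these rules granted.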
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index dcbfa2d..90e4f12 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,7 +1,7 @@
 # Direct access to vold-mounted storage under /mnt/media_rw
 # This is a performance optimization that allows platform apps to bypass the FUSE layer
-allow platform_app sdcard_posix:dir create_dir_perms;
-allow platform_app sdcard_posix:file create_file_perms;
+#allow platform_app sdcard_posix:dir create_dir_perms;
+#allow platform_app sdcard_posix:file create_file_perms;
 
 # gallery2 crop avatar
 allow platform_app system_app_data_file:file { create_file_perms rw_file_perms };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 1a1d1ad..a72bcdf 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -6,7 +6,7 @@
 
 # Allow vold to manage ASEC
 allow vold sdcard_type:file create_file_perms;
-allow vold vold_tmpfs:file create_file_perms;
+#allow vold vold_tmpfs:file create_file_perms;
 
 # Allow vold to access fuse for fuse-based fs
 allow vold fuse_device:chr_file rw_file_perms;