From 02c4c3fa7b114440c24c9f2648a51ae7535d3fec Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Thu, 15 Nov 2018 14:29:49 -0800
Subject: [PATCH] Remove sepolicy for /dev/alarm.

After b/28357356 /dev/alarm is no longer used by android platform.
Also, Pixel devices don't have /dev/alarm.

Bug: 110962171
Test: boot aosp_walleye
Change-Id: Id9723996104a2548ddf366489890c098d1ea87be
---
 private/compat/28.0/28.0.cil | 1 +
 private/file_contexts        | 1 -
 private/system_server.te     | 1 -
 public/device.te             | 1 -
 public/domain.te             | 1 -
 public/hal_telephony.te      | 1 -
 public/init.te               | 1 -
 public/radio.te              | 1 -
 8 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index d3019ecb5..323fb0a0c 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,4 +1,5 @@
 ;; types removed from current policy
+(type alarm_device)
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
diff --git a/private/file_contexts b/private/file_contexts
index 493d782fb..abef72b8f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -71,7 +71,6 @@
 /dev/adf[0-9]*		u:object_r:graphics_device:s0
 /dev/adf-interface[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
 /dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
-/dev/alarm		u:object_r:alarm_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
 /dev/audio.*		u:object_r:audio_device:s0
 /dev/binder		u:object_r:binder_device:s0
diff --git a/private/system_server.te b/private/system_server.te
index 509876034..3806d2394 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -325,7 +325,6 @@ allow system_server sysfs_usb:file w_file_perms;
 # Access devices.
 allow system_server device:dir r_dir_perms;
 allow system_server mdns_socket:sock_file rw_file_perms;
-allow system_server alarm_device:chr_file rw_file_perms;
 allow system_server gpu_device:chr_file rw_file_perms;
 allow system_server input_device:dir r_dir_perms;
 allow system_server input_device:chr_file rw_file_perms;
diff --git a/public/device.te b/public/device.te
index e55c86d87..57b050304 100644
--- a/public/device.te
+++ b/public/device.te
@@ -1,6 +1,5 @@
 # Device types
 type device, dev_type, fs_type;
-type alarm_device, dev_type, mlstrustedobject;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
diff --git a/public/domain.te b/public/domain.te
index c536c127d..d0e4e41fe 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -75,7 +75,6 @@ allow {
 not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
 allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
-allow domain alarm_device:chr_file r_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain proc_random:dir r_dir_perms;
 allow domain proc_random:file r_file_perms;
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
index 9d0f8c035..3e4b65dfa 100644
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@@ -9,7 +9,6 @@ allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
 allow hal_telephony_server self:netlink_route_socket nlmsg_write;
 allow hal_telephony_server kernel:system module_request;
 allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow hal_telephony_server alarm_device:chr_file rw_file_perms;
 allow hal_telephony_server cgroup:dir create_dir_perms;
 allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
 allow hal_telephony_server radio_device:chr_file rw_file_perms;
diff --git a/public/init.te b/public/init.te
index 2a8036a8b..8b95e2b5c 100644
--- a/public/init.te
+++ b/public/init.te
@@ -257,7 +257,6 @@ allow init {
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
 
 allow init {
-  alarm_device
   ashmem_device
   binder_device
   console_device
diff --git a/public/radio.te b/public/radio.te
index 05bfd8ce9..8a8bef386 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -12,7 +12,6 @@ not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
 allow radio radio_data_file:dir create_dir_perms;
 allow radio radio_data_file:notdevfile_class_set create_file_perms;
 
-allow radio alarm_device:chr_file rw_file_perms;
 
 allow radio net_data_file:dir search;
 allow radio net_data_file:file r_file_perms;
-- 
GitLab