From 02dac03a8c7cc79306cf5807f86af3e01f5dc4af Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 9 May 2014 09:29:24 -0400
Subject: [PATCH] Drop relabelto_domain() macro and its associated definitions.

This was originally to limit the ability to relabel files to particular types given the ability of all domains to relabelfrom unlabeled files. Since the latter was removed by Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b, this no longer serves any purpose.

Change-Id: Ic41e94437188183f15ed8b3732c6cd5918da3397
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 attributes | 3 ---
 debuggerd.te | 1 -
 domain.te | 3 ---
 dumpstate.te | 1 -
 init.te | 1 -
 installd.te | 1 -
 kernel.te | 1 -
 recovery.te | 1 -
 system_server.te | 1 -
 te_macros | 7 -------
 ueventd.te | 1 -
 vold.te | 1 -
 12 files changed, 22 deletions(-)

diff --git a/attributes b/attributes
index 69654e32b..9d13a1b61 100644
--- a/attributes
+++ b/attributes
@@ -64,6 +64,3 @@ attribute bluetoothdomain;
 # All domains used for binder service domains.
 attribute binderservicedomain;
-
-# All domains which are allowed the "relabelto" permission
-attribute relabeltodomain;
diff --git a/debuggerd.te b/debuggerd.te
index 32bc185f0..d81c73ce9 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -12,7 +12,6 @@ allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptra
 security_access_policy(debuggerd)
 allow debuggerd system_data_file:dir create_dir_perms;
 allow debuggerd system_data_file:dir relabelfrom;
-relabelto_domain(debuggerd)
 allow debuggerd tombstone_data_file:dir relabelto;
 allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
diff --git a/domain.te b/domain.te
index 38ee315ff..5e29272de 100644
--- a/domain.te
+++ b/domain.te
@@ -146,9 +146,6 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 ### neverallow rules ###
-# Limit ability to relabel files to domains marked with relabelto_domain().
-neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
-
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these whitelisted domains.
 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
diff --git a/dumpstate.te b/dumpstate.te
index 749cc469e..f6a4ba9b7 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -5,7 +5,6 @@ type dumpstate_exec, exec_type, file_type;
 init_daemon_domain(dumpstate)
 net_domain(dumpstate)
-relabelto_domain(dumpstate)
 binder_use(dumpstate)
 # Drop privileges by switching UID / GID
diff --git a/init.te b/init.te
index 68eab2efb..3441dd0c3 100644
--- a/init.te
+++ b/init.te
@@ -3,7 +3,6 @@ type init, domain;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
-relabelto_domain(init)
 # add a rule to handle unlabelled mounts
 allow init unlabeled:filesystem mount;
diff --git a/installd.te b/installd.te
index 76615800e..0c9167948 100644
--- a/installd.te
+++ b/installd.te
@@ -3,7 +3,6 @@ type installd, domain;
 type installd_exec, exec_type, file_type;
 init_daemon_domain(installd)
-relabelto_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
 allow installd system_data_file:file create_file_perms;
diff --git a/kernel.te b/kernel.te
index 88ebc5092..1ff8f682e 100644
--- a/kernel.te
+++ b/kernel.te
@@ -5,7 +5,6 @@ allow kernel init:process dyntransition;
 # The kernel is unconfined.
 unconfined_domain(kernel)
-relabelto_domain(kernel)
 allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;
 allow kernel unlabeled:filesystem mount;
diff --git a/recovery.te b/recovery.te
index b6f82c783..5c510e407 100644
--- a/recovery.te
+++ b/recovery.te
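Review bot: With the neverallow dropped, nothing in domain.te now bounds relabelto across all domains; each remaining grant — such as `allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;` in kernel.te and the apk and asec rules in system_server.te and vold.te within this patch — is checked only by its own allow rule. The commit message ties the removal to Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b having dropped relabelfrom on unlabeled files, so this is sound only while that earlier change stays in place. A short comment at the deleted spot in the neverallow section, `# relabelto is bounded only by per-domain allow rules; revisit if relabelfrom on unlabeled files is ever reintroduced`, would record that dependency for future reviewers.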
@@ -2,7 +2,6 @@ type recovery, domain;
 allow recovery rootfs:file entrypoint;
 unconfined_domain(recovery)
-relabelto_domain(recovery)
 allow recovery self:capability2 mac_admin;
diff --git a/system_server.te b/system_server.te
index 7a9d06327..30f302510 100644
--- a/system_server.te
+++ b/system_server.te
@@ -175,7 +175,6 @@ allow system_server { data_file_type -keystore_data_file }:notdevfile_class_set
 security_access_policy(system_server)
 # Relabel apk files.
-relabelto_domain(system_server)
 allow system_server { apk_tmp_file apk_private_tmp_file }:file { relabelfrom relabelto };
 allow system_server { apk_data_file apk_private_data_file }:file { relabelfrom relabelto };
diff --git a/te_macros b/te_macros
index ddae3dff2..ecdf8b4f8 100644
--- a/te_macros
+++ b/te_macros
@@ -111,13 +111,6 @@ tmpfs_domain($1)
 allow $1 $1_tmpfs:file execute;
 ')
-#####################################
-# relabelto_domain(domain)
-# Allows this domain to use the relabelto permission
-define(`relabelto_domain', `
-typeattribute $1 relabeltodomain;
-')
-
 #####################################
 # net_domain(domain)
 # Allow a base set of permissions required for network access.
diff --git a/ueventd.te b/ueventd.te
index f02b899df..babebe04d 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -4,7 +4,6 @@ type ueventd, domain;
 tmpfs_domain(ueventd)
 write_klog(ueventd)
 security_access_policy(ueventd)
-relabelto_domain(ueventd)
 allow ueventd rootfs:file entrypoint;
 allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
diff --git a/vold.te b/vold.te
index 350f63009..7fbba76ed 100644
--- a/vold.te
+++ b/vold.te
@@ -71,7 +71,6 @@ allow vold ctl_fuse_prop:property_service set;
 allow vold asec_image_file:file create_file_perms;
 allow vold asec_image_file:dir rw_dir_perms;
 security_access_policy(vold)
-relabelto_domain(vold)
 allow vold asec_apk_file:dir { rw_dir_perms setattr relabelfrom };
 allow vold asec_public_file:dir { relabelto setattr };
 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
--
GitLab