Move sensord sepolicy

Sensord move in ag/2106763 should be accompanied by corresponding
sepolicy move of sensord-related files/declarations.

Bug: 36996994
Test: Sailfish build shows no related permission errors
Change-Id: Ibe41b363f7ca2752b5d3e0961298985cf784663d

private/app.te

@@ -300,8 +300,6 @@ allow appdomain app_fuse_file:file { getattr read append write };
 pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
 pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
 pdx_client({ appdomain -isolated_app -ephemeral_app }, display_vsync)
-pdx_client({ appdomain -isolated_app -ephemeral_app }, sensors_client)
-pdx_client({ appdomain -isolated_app -ephemeral_app }, pose_client)
 pdx_client({ appdomain -isolated_app -ephemeral_app }, performance_client)
 # Apps do not directly open the IPC socket for bufferhubd.
 pdx_use({ appdomain -isolated_app -ephemeral_app }, bufferhub_client)

private/file_contexts

@@ -134,10 +134,6 @@
 /dev/socket/pdx/system/buffer_hub/client	u:object_r:pdx_bufferhub_client_endpoint_socket:s0
 /dev/socket/pdx/system/performance	u:object_r:pdx_performance_dir:s0
 /dev/socket/pdx/system/performance/client	u:object_r:pdx_performance_client_endpoint_socket:s0
-/dev/socket/pdx/system/vr/sensors	u:object_r:pdx_sensors_dir:s0
-/dev/socket/pdx/system/vr/sensors/client	u:object_r:pdx_sensors_client_endpoint_socket:s0
-/dev/socket/pdx/system/vr/pose	u:object_r:pdx_pose_dir:s0
-/dev/socket/pdx/system/vr/pose/client	u:object_r:pdx_pose_client_endpoint_socket:s0
 /dev/socket/pdx/system/vr/display	u:object_r:pdx_display_dir:s0
 /dev/socket/pdx/system/vr/display/client	u:object_r:pdx_display_client_endpoint_socket:s0
 /dev/socket/pdx/system/vr/display/manager	u:object_r:pdx_display_manager_endpoint_socket:s0
@@ -198,7 +194,6 @@
 /system/bin/surfaceflinger	u:object_r:surfaceflinger_exec:s0
 /system/bin/bufferhubd	u:object_r:bufferhubd_exec:s0
 /system/bin/performanced	u:object_r:performanced_exec:s0
-/system/bin/sensord	u:object_r:sensord_exec:s0
 /system/bin/drmserver	u:object_r:drmserver_exec:s0
 /system/bin/dumpstate   u:object_r:dumpstate_exec:s0
 /system/bin/incident   u:object_r:incident_exec:s0

private/sensord.te

-typeattribute sensord coredomain;
-
-init_daemon_domain(sensord)

private/surfaceflinger.te

@@ -98,8 +98,6 @@ pdx_server(surfaceflinger, display_vsync)
 
 pdx_client(surfaceflinger, bufferhub_client)
 pdx_client(surfaceflinger, performance_client)
-pdx_client(surfaceflinger, sensors_client)
-pdx_client(surfaceflinger, pose_client)
 
 ###
 ### Neverallow rules

public/attributes

@@ -164,8 +164,6 @@ pdx_service_attributes(display_manager)
 pdx_service_attributes(display_screenshot)
 pdx_service_attributes(display_vsync)
 pdx_service_attributes(performance_client)
-pdx_service_attributes(sensors_client)
-pdx_service_attributes(pose_client);
 pdx_service_attributes(bufferhub_client)
 
 # All HAL servers

public/file.te

@@ -283,8 +283,6 @@ type gps_control, file_type;
 # PDX endpoint types
 type pdx_display_dir, pdx_endpoint_dir_type, file_type;
 type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
-type pdx_sensors_dir, pdx_endpoint_dir_type, file_type;
-type pdx_pose_dir, pdx_endpoint_dir_type, file_type;
 type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;
 
 pdx_service_socket_types(display_client, pdx_display_dir)
@@ -292,8 +290,6 @@ pdx_service_socket_types(display_manager, pdx_display_dir)
 pdx_service_socket_types(display_screenshot, pdx_display_dir)
 pdx_service_socket_types(display_vsync, pdx_display_dir)
 pdx_service_socket_types(performance_client, pdx_performance_dir)
-pdx_service_socket_types(sensors_client, pdx_sensors_dir)
-pdx_service_socket_types(pose_client, pdx_pose_dir)
 pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
 
 # file_contexts files

public/performanced.te

@@ -10,9 +10,9 @@ allow performanced self:capability { setuid setgid sys_nice };
 # Access /proc to validate we're only affecting threads in the same thread group.
 # Performanced also shields unbound kernel threads.  It scans every task in the
 # root cpu set, but only affects the kernel threads.
-r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger })
+r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
 dontaudit performanced domain:dir read;
-allow performanced { appdomain bufferhubd kernel sensord surfaceflinger }:process setsched;
+allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
 
 # Access /dev/cpuset/cpuset.cpus
 r_dir_file(performanced, cgroup)

public/sensord.te

-# sensord
-type sensord, domain, mlstrustedsubject;
-type sensord_exec, exec_type, file_type;
-
-hal_client_domain(sensord, hal_graphics_allocator)
-allow sensord hal_graphics_allocator:fd use;
-
-pdx_server(sensord, sensors_client)
-pdx_server(sensord, pose_client)
-pdx_client(sensord, bufferhub_client)
-pdx_client(sensord, performance_client)
-
-# Access /dev/ion
-allow sensord ion_device:chr_file r_file_perms;
-
-allow sensord sensors_device:chr_file rw_file_perms;
-
-binder_use(sensord)
-binder_call(sensord, system_server)
-allow sensord system_server:unix_stream_socket { read write };
-
-allow sensord sensorservice_service:service_manager find;
-# permission_service is used by the NDK sensor APIs.
-allow sensord permission_service:service_manager find;