Merge "reduce duplicate SELinux rules" am: b4720ae7

am: d266768a

* commit 'd266768a':
  reduce duplicate SELinux rules

Change-Id: Id2ebcc7fb73442f34b643f074c7317ebfe60c41c

system_server.te

@@ -121,9 +121,6 @@ allow system_server node:rawip_socket node_bind;
 # 3rd party VPN clients require a tun_socket to be created
 allow system_server self:tun_socket create_socket_perms;
 
-# Notify init of death.
-allow system_server init:process sigchld;
-
 # Talk to init and various daemons via sockets.
 unix_socket_connect(system_server, installd, installd)
 unix_socket_connect(system_server, lmkd, lmkd)

te_macros

@@ -13,7 +13,7 @@ allow $1 $3:process transition;
 # New domain is entered by executing the file.
 allow $3 $2:file { entrypoint open read execute getattr };
 # New domain can send SIGCHLD to its caller.
-allow $3 $1:process sigchld;
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
 # Enable AT_SECURE, i.e. libc secure mode.
 dontaudit $1 $3:process noatsecure;
 # XXX dontaudit candidate but requires further study.

ueventd.te

@@ -8,7 +8,6 @@ tmpfs_domain(ueventd)
 type_transition ueventd device:chr_file klog_device "__kmsg__";
 allow ueventd klog_device:chr_file { create open write unlink };
 
-allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;