Delete get_prop(su, ...) rules

It is unnecessary to use get_prop() rules for the su domain. The su domain is always in permissive mode [1] and not subject to SELinux enforcement. It's also possible these rules were added to avoid SELinux denial log spam from showing up, however, there are already dontaudit rules in place [2] to prevent this. Delete the unnecessary rules. [1] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/private/su.te#19 [2] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/public/su.te#42 Test: policy compiles Change-Id: I5913f360738725bf915f0606d381029b9ba4318f

Delete get_prop(su, ...) rules
It is unnecessary to use get_prop() rules for the su domain. The su domain is always in permissive mode [1] and not subject to SELinux enforcement. It's also possible these rules were added to avoid SELinux denial log spam from showing up, however, there are already dontaudit rules in place [2] to prevent this. Delete the unnecessary rules. [1] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/private/su.te#19 [2] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/public/su.te#42 Test: policy compiles Change-Id: I5913f360738725bf915f0606d381029b9ba4318f
40d4b0b6 · Nick Kralevich · 96b62a60 · 40d4b0b6
Commit 40d4b0b6 authored 6 years ago by Nick Kralevich
--- a/public/domain.te
+++ b/public/domain.te
@@ -111,19 +111,6 @@ compatible_property_only(`
    get_prop({coredomain appdomain shell}, exported3_default_prop)
    get_prop({coredomain appdomain shell}, exported3_radio_prop)
    get_prop({coredomain appdomain shell}, exported3_system_prop)
-    userdebug_or_eng(`
-        get_prop(su, core_property_type)
-        get_prop(su, exported_dalvik_prop)
-        get_prop(su, exported_ffs_prop)
-        get_prop(su, exported_system_radio_prop)
-        get_prop(su, exported2_config_prop)
-        get_prop(su, exported2_radio_prop)
-        get_prop(su, exported2_system_prop)
-        get_prop(su, exported2_vold_prop)
-        get_prop(su, exported3_default_prop)
-        get_prop(su, exported3_radio_prop)
-        get_prop(su, exported3_system_prop)
-    ')
    get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')