From 40d4b0b6cce6697b28bc4736b47069b5e1ebd4e2 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 15 Nov 2018 18:51:58 -0800
Subject: [PATCH] Delete get_prop(su, ...) rules

It is unnecessary to use get_prop() rules for the su domain. The su domain is always in permissive mode [1] and not subject to SELinux enforcement. It's also possible these rules were added to avoid SELinux denial log spam from showing up, however, there are already dontaudit rules in place [2] to prevent this. Delete the unnecessary rules.
[1] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/private/su.te#19
[2] https://android.googlesource.com/platform/system/sepolicy/+/96b62a60c2ccae777fdcabe7d2ed28b52056860b/public/su.te#42
Test: policy compiles
Change-Id: I5913f360738725bf915f0606d381029b9ba4318f
---
 public/domain.te | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/public/domain.te b/public/domain.te
index 0843a222f..13f52dc23 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -111,19 +111,6 @@ compatible_property_only(`
 get_prop({coredomain appdomain shell}, exported3_default_prop)
 get_prop({coredomain appdomain shell}, exported3_radio_prop)
 get_prop({coredomain appdomain shell}, exported3_system_prop)
- userdebug_or_eng(`
- get_prop(su, core_property_type)
- get_prop(su, exported_dalvik_prop)
- get_prop(su, exported_ffs_prop)
- get_prop(su, exported_system_radio_prop)
- get_prop(su, exported2_config_prop)
- get_prop(su, exported2_radio_prop)
- get_prop(su, exported2_system_prop)
- get_prop(su, exported2_vold_prop)
- get_prop(su, exported3_default_prop)
- get_prop(su, exported3_radio_prop)
- get_prop(su, exported3_system_prop)
- ')
 get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')
 
-- 
GitLab