From 4b4b2b92939cd25095e247d0ed78f600fe40036d Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Mon, 8 Jun 2015 11:21:54 -0700
Subject: [PATCH] Remove service_manager_local_audit_domain.

service_manager_local_audit_domain was used to fine tune the service_manager
auditallow rules when introducing the service_manager SELinux rules.  This is no
longer needed.

(cherry-pick of commit: eab26faa60cc0fdadfe128433e0357bdde3f9d9b)

Bug: 21656807
Change-Id: Ia042a887e7bf9eb2a2b08b8d831e68dfe6395f75
---
 attributes      | 3 ---
 dumpstate.te    | 1 -
 isolated_app.te | 2 --
 shell.te        | 1 -
 su.te           | 1 -
 te_macros       | 8 --------
 6 files changed, 16 deletions(-)

diff --git a/attributes b/attributes
index a9b211fd0..e42edd615 100644
--- a/attributes
+++ b/attributes
@@ -73,6 +73,3 @@ attribute bluetoothdomain;
 
 # All domains used for binder service domains.
 attribute binderservicedomain;
-
-# All domains that are excluded from the domain.te auditallow.
-attribute service_manager_local_audit;
diff --git a/dumpstate.te b/dumpstate.te
index 43daac4ac..584b1406f 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -109,6 +109,5 @@ allow dumpstate tombstone_data_file:file r_file_perms;
 
 allow dumpstate { service_manager_type -gatekeeper_service }:service_manager find;
 allow dumpstate servicemanager:service_manager list;
-service_manager_local_audit_domain(dumpstate)
 
 allow dumpstate devpts:chr_file rw_file_perms;
diff --git a/isolated_app.te b/isolated_app.te
index b50bb783c..330f0af38 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,8 +18,6 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
 
-service_manager_local_audit_domain(isolated_app)
-
 # only allow unprivileged socket ioctl commands
 allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
 
diff --git a/shell.te b/shell.te
index ac553462a..1be9eec97 100644
--- a/shell.te
+++ b/shell.te
@@ -63,7 +63,6 @@ allow shell kernel:system syslog_read;
 allow shell servicemanager:service_manager list;
 # don't allow shell to access GateKeeper service
 allow shell { service_manager_type -gatekeeper_service }:service_manager find;
-service_manager_local_audit_domain(shell)
 
 # allow shell to look through /proc/ for ps, top
 allow shell domain:dir { search open read getattr };
diff --git a/su.te b/su.te
index 9c01fc530..d4a488ba3 100644
--- a/su.te
+++ b/su.te
@@ -50,5 +50,4 @@ userdebug_or_eng(`
   dontaudit su domain:debuggerd *;
   dontaudit su domain:drmservice *;
   dontaudit su unlabeled:filesystem *;
-  service_manager_local_audit_domain(su)
 ')
diff --git a/te_macros b/te_macros
index 100c734e5..70b18834b 100644
--- a/te_macros
+++ b/te_macros
@@ -346,14 +346,6 @@ define(`use_keystore', `
   binder_call($1, keystore)
 ')
 
-###########################################
-# service_manager_local_audit_domain(domain)
-# Has its own auditallow rule on service_manager
-# and should be excluded from the domain.te auditallow.
-define(`service_manager_local_audit_domain', `
-  typeattribute $1 service_manager_local_audit;
-')
-
 ###########################################
 # use_drmservice(domain)
 # Ability to use DrmService which requires
-- 
GitLab