remove more domain_deprecated

Test: no denials showing up in log collection Test: device boots Bug: 28760354 Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23

remove more domain_deprecated
Test: no denials showing up in log collection Test: device boots Bug: 28760354 Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23
6a259ccd · Nick Kralevich · 3e8dbf01 · 6a259ccd · 6a259ccd · 6a259ccd
Commit 6a259ccd authored 8 years ago by Nick Kralevich
--- a/public/blkid.te
+++ b/public/blkid.te
 # blkid called from vold
-type blkid, domain, domain_deprecated;
+type blkid, domain;
 type blkid_exec, exec_type, file_type;

 # Allowed read-only access to encrypted devices to extract UUID/label

--- a/public/blkid_untrusted.te
+++ b/public/blkid_untrusted.te
 # blkid for untrusted block devices
-type blkid_untrusted, domain, domain_deprecated;
+type blkid_untrusted, domain;

 # Allowed read-only access to vold block devices to extract UUID/label
 allow blkid_untrusted block_device:dir search;

--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
 # DNS, DHCP services
-type dnsmasq, domain, domain_deprecated;
+type dnsmasq, domain;
 type dnsmasq_exec, exec_type, file_type;

 net_domain(dnsmasq)

--- a/public/idmap.te
+++ b/public/idmap.te
 # idmap, when executed by installd
-type idmap, domain, domain_deprecated;
+type idmap, domain;
 type idmap_exec, exec_type, file_type;

 # Use open file to /data/resource-cache file inherited from installd.

--- a/public/nfc.te
+++ b/public/nfc.te
 # nfc subsystem
-type nfc, domain, domain_deprecated;
+type nfc, domain;

 net_domain(nfc)
 binder_service(nfc)

--- a/public/sgdisk.te
+++ b/public/sgdisk.te
 # sgdisk called from vold
-type sgdisk, domain, domain_deprecated;
+type sgdisk, domain;
 type sgdisk_exec, exec_type, file_type;

 # Allowed to read/write low-level partition tables

--- a/public/surfaceflinger.te
+++ b/public/surfaceflinger.te
 # surfaceflinger - display compositor service
-type surfaceflinger, domain, domain_deprecated;
+type surfaceflinger, domain;
 type surfaceflinger_exec, exec_type, file_type;

 typeattribute surfaceflinger mlstrustedsubject;

--- a/public/tzdatacheck.te
+++ b/public/tzdatacheck.te
 # The tzdatacheck command run by init.
-type tzdatacheck, domain, domain_deprecated;
+type tzdatacheck, domain;
 type tzdatacheck_exec, exec_type, file_type;

 allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;

--- a/public/vdc.te
+++ b/public/vdc.te
@@ -5,7 +5,7 @@
 # We also transition into this domain from dumpstate, when
 # collecting bug reports.

-type vdc, domain, domain_deprecated;
+type vdc, domain;
 type vdc_exec, exec_type, file_type;

 unix_socket_connect(vdc, vold, vold)