From 83f25e26f95a092be7d0fe8e35e1350ca5ad114f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 19 Nov 2018 18:42:11 +0000
Subject: [PATCH] Revert "Add placeholder iris and face policy for vold data
 directory"

This reverts commit 92bde4b941b7078a5fdf8aec6660ca44d0ffbb49.

Reason for revert: Rebooting after OTA fails due to the
filesystem still seeing the old label on the device.

Bug: 116528212
Bug: 119747564
Change-Id: Ib5f920f85c7e305e89c377369dca038d2c6c738c
Test: rollback change
---
 private/compat/28.0/28.0.cil        | 3 +--
 private/compat/28.0/28.0.ignore.cil | 1 -
 private/file_contexts               | 8 +-------
 private/vold_prepare_subdirs.te     | 4 ++--
 public/file.te                      | 4 ++--
 public/hal_fingerprint.te           | 4 ++--
 public/tee.te                       | 4 ++--
 7 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index f7a0c3756..d3019ecb5 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -3,7 +3,6 @@
 (type audio_timer_device)
 (type commontime_management_service)
 (type cpuctl_device)
-(type fingerprint_vendor_data_file)
 (type full_device)
 (type i2c_device)
 (type kmem_device)
@@ -1075,7 +1074,7 @@
 (typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
 (typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
 (typeattributeset fingerprint_service_28_0 (fingerprint_service))
-(typeattributeset fingerprint_vendor_data_file_28_0 (biometric_vendor_data_file))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
 (typeattributeset firstboot_prop_28_0 (firstboot_prop))
 (typeattributeset font_service_28_0 (font_service))
 (typeattributeset frp_block_device_28_0 (frp_block_device))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index cfc2c1a2f..cf72e3795 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -17,7 +17,6 @@
     apexd_prop
     apexd_tmpfs
     biometric_service
-    biometric_vendor_data_file
     cpu_variant_prop
     dev_cpu_variant
     device_config_boot_count_prop
diff --git a/private/file_contexts b/private/file_contexts
index a7880c0a3..acd5df984 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -482,13 +482,7 @@
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
 
 # Fingerprint vendor data file
-/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:biometric_vendor_data_file:s0
-
-# Face vendor data file
-/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:biometric_vendor_data_file:s0
-
-# Iris vendor data file
-/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:biometric_vendor_data_file:s0
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
 
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 8ed8f56e7..0d062e991 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,12 +14,12 @@ allow vold_prepare_subdirs {
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
-    biometric_vendor_data_file
+    fingerprint_vendor_data_file
     storaged_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
-    biometric_vendor_data_file
+    fingerprint_vendor_data_file
     storaged_data_file
     system_data_file
     vold_data_file
diff --git a/public/file.te b/public/file.te
index 9f14621cb..3d0953732 100644
--- a/public/file.te
+++ b/public/file.te
@@ -354,8 +354,8 @@ type backup_data_file, file_type, data_file_type, core_data_file_type, mlstruste
 type bluetooth_efs_file, file_type;
 # Type for fingerprint template file
 type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
-# Type for biometric template file
-type biometric_vendor_data_file, file_type, data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index a0222e9df..b673e291b 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -7,8 +7,8 @@ hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
-allow hal_fingerprint biometric_vendor_data_file:file { create_file_perms };
-allow hal_fingerprint biometric_vendor_data_file:dir rw_dir_perms;
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
 
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
diff --git a/public/tee.te b/public/tee.te
index dffe06ff7..0f9b32dc9 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -6,6 +6,6 @@ type tee, domain;
 # Device(s) for communicating with the TEE
 type tee_device, dev_type;
 
-allow tee biometric_vendor_data_file:dir rw_dir_perms;
-allow tee biometric_vendor_data_file:file create_file_perms;
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
 
-- 
GitLab