From b805adaa16856de865712ca40ba7e232228e2f3f Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Fri, 9 Nov 2018 14:13:58 -0800
Subject: [PATCH] Remove dead *_device types from system sepolicy.

No coredomain domain has access to these types and corresponding /dev
nodes don't exist on the device:

audio_seq_device
audio_timer_device
full_device
i2c_device
vcs_device

Bug: 110962171
Test: m selinux_policy
Test: boot walleye
Change-Id: I89ad4755e6760aa166cb22e2655567e5905dc672
---
 private/compat/28.0/28.0.cil | 5 +++++
 private/file_contexts        | 5 -----
 public/device.te             | 5 -----
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index e76bc2d6d..8bb849a7a 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,10 +1,15 @@
 ;; types removed from current policy
+(type audio_seq_device)
+(type audio_timer_device)
 (type commontime_management_service)
+(type full_device)
+(type i2c_device)
 (type mediacodec)
 (type mediacodec_exec)
 (type qtaguid_proc)
 (type thermalcallback_hwservice)
 (type untrusted_v2_app)
+(type vcs_device)
 
 ;; Public 28.0 SEPolicy is divergent on different devices w.r.t
 ;; exported_audio_prop type. We need this typeattribute declaration so that the
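Review bot: The five `(type …)` lines added under `;; types removed from current policy` give no hint that the platform no longer labels any node with audio_seq_device, audio_timer_device, full_device, i2c_device or vcs_device, although the declarations presumably exist so that 28.0 vendor policy can still reference them. With the file_contexts entries deleted in this same commit, `/dev/snd/audio_timer_device` and `/dev/snd/audio_seq_device` would match the remaining `/dev/snd(/.*)?` line and be labelled `audio_device` if a device does create them. The other paths presumably fall back to a broader /dev pattern that is not visible in these hunks. I would add a comment above the list such as `;; the *_device types below have no platform file_contexts entry; vendor policy that still uses them must label the nodes itself`. The Test lines cover only walleye, so it is worth confirming on other targets that these nodes are absent or are labelled by vendor file_contexts.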
diff --git a/private/file_contexts b/private/file_contexts
index 3284b6841..571b47cc1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -90,12 +90,10 @@
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0
 /dev/fscklogs(/.*)?	u:object_r:fscklogs:s0
-/dev/full		u:object_r:full_device:s0
 /dev/fuse		u:object_r:fuse_device:s0
 /dev/graphics(/.*)?	u:object_r:graphics_device:s0
 /dev/hw_random		u:object_r:hw_random_device:s0
 /dev/hwbinder		u:object_r:hwbinder_device:s0
-/dev/i2c-[0-9]+		u:object_r:i2c_device:s0
 /dev/input(/.*)?	u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
@@ -121,8 +119,6 @@
 /dev/rproc_user	u:object_r:rpmsg_device:s0
 /dev/rtc[0-9]      u:object_r:rtc_device:s0
 /dev/snd(/.*)?		u:object_r:audio_device:s0
-/dev/snd/audio_timer_device	u:object_r:audio_timer_device:s0
-/dev/snd/audio_seq_device	u:object_r:audio_seq_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
@@ -173,7 +169,6 @@
 /dev/urandom		u:object_r:random_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
 /dev/v4l-touch[0-9]*	u:object_r:input_device:s0
-/dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0
 /dev/video[0-9]*	u:object_r:video_device:s0
 /dev/vndbinder		u:object_r:vndbinder_device:s0
 /dev/watchdog		u:object_r:watchdog_device:s0
diff --git a/public/device.te b/public/device.te
index 1ab08b470..7e18095d0 100644
--- a/public/device.te
+++ b/public/device.te
@@ -3,8 +3,6 @@ type device, dev_type, fs_type;
 type alarm_device, dev_type, mlstrustedobject;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
-type audio_timer_device, dev_type;
-type audio_seq_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
 type hwbinder_device, dev_type, mlstrustedobject;
 type vndbinder_device, dev_type;
@@ -22,7 +20,6 @@ type vold_device, dev_type;
 type console_device, dev_type;
 type cpuctl_device, dev_type;
 type fscklogs, dev_type;
-type full_device, dev_type;
 # GPU (used by most UI apps)
 type gpu_device, dev_type, mlstrustedobject;
 type graphics_device, dev_type;
@@ -46,7 +43,6 @@ type socket_device, dev_type;
 type owntty_device, dev_type, mlstrustedobject;
 type tty_device, dev_type;
 type video_device, dev_type;
-type vcs_device, dev_type;
 type zero_device, dev_type, mlstrustedobject;
 type fuse_device, dev_type, mlstrustedobject;
 type iio_device, dev_type;
@@ -61,7 +57,6 @@ type usb_device, dev_type, mlstrustedobject;
 type properties_device, dev_type;
 type properties_serial, dev_type;
 type property_info, dev_type;
-type i2c_device, dev_type;
 
 # All devices have a uart for the hci
 # attach service. The uart dev node
-- 
GitLab