diff --git a/private/adbd.te b/private/adbd.te index 864358a571abf72805628c8729756907df787e68..191c519f86d02cef6a0dae019ff31dbed786f313 100644 --- a/private/adbd.te +++ b/private/adbd.te @@ -18,9 +18,6 @@ userdebug_or_eng(` recovery_only(` domain_trans(adbd, rootfs, shell) allow adbd shell:process dyntransition; - - # Allows reboot fastboot to enter fastboot directly - unix_socket_connect(adbd, recovery, recovery) ') # Do not sanitize the environment or open fds of the shell. Allow signaling diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil index d52b41b94d0be8ee7683d730b0a5c64113eccaeb..5a961076a52831b8a71adcfcaedbcc9cc32eac4d 100644 --- a/private/compat/26.0/26.0.ignore.cil +++ b/private/compat/26.0/26.0.ignore.cil @@ -49,7 +49,6 @@ exported3_default_prop exported3_radio_prop exported3_system_prop - fastbootd fingerprint_vendor_data_file fs_bpf hal_audiocontrol_hwservice @@ -97,7 +96,6 @@ perfetto_traces_data_file perfprofd_service property_info - recovery_socket secure_element secure_element_device secure_element_tmpfs diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index 8e5370ce53f4b6f060e466479ad5c64862f3ebba..9120694d81894ca7f888330cda3826fe296f4223 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -45,7 +45,6 @@ exported_system_radio_prop exported_vold_prop exported_wifi_prop - fastbootd fingerprint_vendor_data_file fs_bpf hal_audiocontrol_hwservice @@ -84,7 +83,6 @@ perfetto_traces_data_file perfprofd_service property_info - recovery_socket secure_element secure_element_device secure_element_service diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil index 5386bee7d9295e09642536edbaa62f14bb71b812..18955b2eaf3cb5ebe7b841096fb638f9c6051004 100644 --- a/private/compat/28.0/28.0.ignore.cil +++ b/private/compat/28.0/28.0.ignore.cil 
@@ -5,7 +5,6 @@
 (typeattributeset new_objects
 ( activity_task_service
 adb_service
- fastbootd
 hal_health_filesystem_hwservice
 hal_system_suspend_default
 hal_system_suspend_default_exec
@@ -15,7 +14,6 @@
 llkd_tmpfs
 mnt_product_file
 overlayfs_file
- recovery_socket
 system_lmk_prop
 system_suspend_hwservice
 time_prop
diff --git a/private/fastbootd.te b/private/fastbootd.te
deleted file mode 100644
index 29a9157e6d9b81761dee596ab94726ed19985ee9..0000000000000000000000000000000000000000
--- a/private/fastbootd.te
+++ /dev/null
@@ -1 +0,0 @@
-typeattribute fastbootd coredomain;
diff --git a/private/file_contexts b/private/file_contexts
index 0a77f6b01101149f2fe7d44e35800afec43b82e7..003d66c0216cb8c74efbc040e2f9f66bcd36e1bd 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -149,7 +149,6 @@
 /dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
 /dev/socket/property_service u:object_r:property_socket:s0
 /dev/socket/racoon u:object_r:racoon_socket:s0
-/dev/socket/recovery u:object_r:recovery_socket:s0
 /dev/socket/rild u:object_r:rild_socket:s0
 /dev/socket/rild-debug u:object_r:rild_debug_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
diff --git a/private/init.te b/private/init.te
index 30e5e3623fc363cde8be1fb36c4ee04f705fb91d..02686a3f46332f51d865aeb7263a69b3068ae3f0 100644
--- a/private/init.te
+++ b/private/init.te
@@ -9,7 +9,6 @@ domain_trans(init, rootfs, slideshow)
 domain_auto_trans(init, e2fs_exec, e2fs)
 recovery_only(`
 domain_trans(init, rootfs, adbd)
- domain_trans(init, rootfs, fastbootd)
 domain_trans(init, rootfs, recovery)
 ')
 domain_trans(init, shell_exec, shell)
diff --git a/public/domain.te b/public/domain.te
index 5b6944ded06d5fa6e0b88ca86610c3a79a66c36b..db2beefe5dc21128bcf6e12cd19c3e08a3c3a78d 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -557,7 +557,6 @@ neverallow {
 domain
 -adbd
 -dumpstate
- -fastbootd
 -hal_drm_server
 -hal_cas_server
 -init
@@ -592,21 +591,11 @@ neverallow { -fsck } metadata_block_device:blk_file { append link rename write open read ioctl lock }; -# No domain other than recovery, update_engine and fastbootd can write to system partition(s). -neverallow { - domain - -fastbootd - -recovery - -update_engine -} system_block_device:blk_file { write append }; +# No domain other than recovery and update_engine can write to system partition(s). +neverallow { domain -recovery -update_engine } system_block_device:blk_file { write append }; -# No domains other than install_recovery, recovery or fastbootd can write to recovery. -neverallow { - domain - -fastbootd - -install_recovery - -recovery -} recovery_block_device:blk_file { write append }; +# No domains other than install_recovery or recovery can write to recovery. +neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file { write append }; # No domains other than a select few can access the misc_block_device. This # block device is reserved for OTA use. diff --git a/public/fastbootd.te b/public/fastbootd.te deleted file mode 100644 index 82ae47bc5523329c2139ef62e9a587dba7f243c4..0000000000000000000000000000000000000000 --- a/public/fastbootd.te +++ /dev/null 
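Review bot: The two rewritten rules for system_block_device and recovery_block_device put the whole exemption set on a single line (`neverallow { domain -recovery -update_engine } system_block_device:blk_file { write append };`), whereas the metadata_block_device rule at the top of this hunk appears to keep one domain per line (`-fsck` sits on its own context line). These sets decide which domains may write to the system and recovery partitions, so a one-exemption-per-line layout would make any later addition to them show up as its own added line in review rather than as an edit inside a long line. I would keep the multi-line form here: `neverallow {`, then `domain` and each `-exempted_domain` on separate lines, then the closing `} system_block_device:blk_file { write append };`, and the same for recovery_block_device.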
@@ -1,59 +0,0 @@
-# fastbootd (used in recovery init.rc for /sbin/fastbootd)
-
-# Declare the domain unconditionally so we can always reference it
-# in neverallow rules.
-type fastbootd, domain;
-
-# But the allow rules are only included in the recovery policy.
-# Otherwise fastbootd is only allowed the domain rules.
-recovery_only(`
- # fastbootd can only use HALs in passthrough mode
- passthrough_hal_client_domain(fastbootd, hal_bootctl)
-
- # Access /dev/usb-ffs/fastbootd/ep0
- allow fastbootd functionfs:dir search;
- allow fastbootd functionfs:file rw_file_perms;
-
- # Log to serial
- allow fastbootd kmsg_device:chr_file { open write };
-
- # battery info
- allow fastbootd sysfs_batteryinfo:file r_file_perms;
-
- allow fastbootd device:dir r_dir_perms;
-
- # Reboot the device
- set_prop(fastbootd, powerctl_prop)
-
- # Read serial number of the device from system properties
- get_prop(fastbootd, serialno_prop)
-
- # Set sys.usb.ffs.ready.
- set_prop(fastbootd, ffs_prop)
- set_prop(fastbootd, exported_ffs_prop)
-
- unix_socket_connect(fastbootd, recovery, recovery)
-
- # Required for flashing
- allow fastbootd dm_device:chr_file rw_file_perms;
- allow fastbootd dm_device:blk_file rw_file_perms;
-
- allow fastbootd system_block_device:blk_file rw_file_perms;
- allow fastbootd boot_block_device:blk_file rw_file_perms;
-
- allow fastbootd misc_block_device:blk_file rw_file_perms;
-
- allow fastbootd proc_cmdline:file r_file_perms;
- allow fastbootd rootfs:dir r_dir_perms;
- allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
-')
-
-###
-### neverallow rules
-###
-
-# Write permission is required to wipe userdata
-# until recovery supports vold.
-neverallow fastbootd {
- data_file_type
-}:file { no_x_file_perms };
diff --git a/public/file.te b/public/file.te
index 4b0dc2dcbc0e11761ae56efed4e7a2974b68526b..75d1edcbbaa471c0e65d07012465741dff29202f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -342,7 +342,6 @@ type mtpd_socket, file_type, coredomain_socket; type netd_socket, file_type, coredomain_socket; type property_socket, file_type, coredomain_socket, mlstrustedobject; type racoon_socket, file_type, coredomain_socket; -type recovery_socket, file_type, coredomain_socket; type rild_socket, file_type; type rild_debug_socket, file_type; type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; diff --git a/public/recovery.te b/public/recovery.te index 317cf32b7582b8522b7f0ca4fe57282b72b56150..dcec9705ec68ff8bc9767d1487066e01c341d883 100644 --- a/public/recovery.te +++ b/public/recovery.te @@ -118,10 +118,6 @@ recovery_only(` set_prop(recovery, ffs_prop) set_prop(recovery, exported_ffs_prop) - # Set sys.usb.config when switching into fastboot. - set_prop(recovery, system_radio_prop) - set_prop(recovery, exported_system_radio_prop) - # Read ro.boot.bootreason get_prop(recovery, bootloader_boot_reason_prop)