From d833f6ba95afe4f4ba5e062825b219695d6ac1a9 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Mon, 6 Feb 2017 15:00:23 -0800
Subject: [PATCH] Move mdnsd policy to private

This leaves only the existence of mdnsd domain as public API. All
other rules are implementation details of this domains's policy and
are thus now private.

Test: No change to policy according to sesearch, except for
      disappearance of all allow rules to do with mdnsd_current (as
      expected).
Bug: 31364497

Change-Id: Ia4f01d91e7d593401e8cde2d796a0f1023f6dae4
---
 private/mdnsd.te | 12 ++++++++++--
 public/mdnsd.te  |  8 +-------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/private/mdnsd.te b/private/mdnsd.te
index 54659d1d1..2fefc32dd 100644
--- a/private/mdnsd.te
+++ b/private/mdnsd.te
@@ -1,3 +1,11 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+# mdns daemon
+
+typeattribute mdnsd mlstrustedsubject;
+
+type mdnsd_exec, exec_type, file_type;
 init_daemon_domain(mdnsd)
+
+net_domain(mdnsd)
+
+# Read from /proc/net
+r_dir_file(mdnsd, proc_net)
diff --git a/public/mdnsd.te b/public/mdnsd.te
index c32b433c9..ef7b065d8 100644
--- a/public/mdnsd.te
+++ b/public/mdnsd.te
@@ -1,8 +1,2 @@
 # mdns daemon
-type mdnsd, domain, mlstrustedsubject;
-type mdnsd_exec, exec_type, file_type;
-
-net_domain(mdnsd)
-
-# Read from /proc/net
-r_dir_file(mdnsd, proc_net)
+type mdnsd, domain;
-- 
GitLab