Get rid of separate download_file type.

This appears to have been created to allow untrusted_app to
access DownloadProvider cache files without needing to allow
open access to platform_app_data_file.  Now that platform_app_data_file
is gone, there is no benefit to having this type.

Retain a typealias for download_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.

This change depends on:
https://android-review.googlesource.com/#/c/87801/



Change-Id: Iab3c99d7d5448bdaa5c1e03a98fb6163804e1ec4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

app.te

@@ -98,10 +98,6 @@ allow appdomain cache_backup_file:file { read write getattr };
 # Backup ability using 'adb backup'
 allow appdomain system_data_file:lnk_file getattr;
 
-# Allow all applications to read downloaded files
-allow appdomain download_file:dir search;
-allow appdomain download_file:file r_file_perms;
-
 # Allow read/stat of /data/media files passed by Binder or local socket IPC.
 allow appdomain media_rw_data_file:file { read getattr };
 

file.te

@@ -78,6 +78,7 @@ typealias audio_data_file alias audio_firmware_file;
 type app_data_file, file_type, data_file_type;
 # Compatibility with type name used in Android 4.3 and 4.4.
 typealias app_data_file alias platform_app_data_file;
+typealias app_data_file alias download_file;
 # Default type for anything under /cache
 type cache_file, file_type, mlstrustedobject;
 # Type for /cache/.*\.{data|restore} and default
@@ -101,8 +102,6 @@ type security_file, file_type;
 # vary per device, so this type is used in per
 # device policy
 type bluetooth_efs_file, file_type;
-# Downloaded files
-type download_file, file_type;
 
 # Socket types
 type adbd_socket, file_type;

file_contexts

@@ -197,8 +197,6 @@
 
 # Wallpaper file for other users
 /data/system/users/[0-9]+/wallpaper		u:object_r:wallpaper_file:s0
-# Downloaded files
-/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
 #############################
 # efs files
 #

installd.te

@@ -16,8 +16,6 @@ allow installd apk_data_file:file r_file_perms;
 allow installd apk_tmp_file:file r_file_perms;
 allow installd system_file:file x_file_perms;
 allow installd cgroup:dir create_dir_perms;
-allow installd download_file:dir { r_dir_perms write remove_name };
-allow installd download_file:file { r_file_perms unlink };
 dontaudit installd self:capability sys_admin;
 # Check validity of SELinux context before use.
 selinux_check_context(installd)

media_app.te

@@ -13,12 +13,5 @@ allow media_app mtp_device:chr_file rw_file_perms;
 # Stat /cache/backup
 allow media_app cache_backup_file:file getattr;
 allow media_app cache_backup_file:dir getattr;
-# Create download files.
-allow media_app download_file:dir rw_dir_perms;
-allow media_app download_file:file create_file_perms;
-# Allow platform apps to mark platform app data files as download files
-relabelto_domain(media_app)
-allow media_app app_data_file:dir relabelfrom;
-allow media_app download_file:dir relabelto;
 
 # inherits from platformappdomain.te

platform_app.te

@@ -21,7 +21,5 @@ allow platform_app apk_private_data_file:dir search;
 # ASEC
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;
-# Access download files.
-allow platform_app download_file:file rw_file_perms;
 
 # inherits from platformappdomain.te

seapp_contexts

@@ -43,7 +43,6 @@ user=_app domain=untrusted_app type=app_data_file
 user=_app seinfo=platform domain=platform_app type=app_data_file
 user=_app seinfo=shared domain=shared_app type=app_data_file
 user=_app seinfo=media domain=media_app type=app_data_file
-user=_app seinfo=media name=com.android.providers.downloads path=cache* type=download_file
 user=_app seinfo=release domain=release_app type=app_data_file
 user=_isolated domain=isolated_app
 user=shell domain=shell type=shell_data_file