From 0296b9434f3b933b37f67c143788f87cb80b3325 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 25 Feb 2014 13:50:56 -0500
Subject: [PATCH] Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 adbd.te | 3 ---
 device.te | 1 -
 file.te | 1 -
 file_contexts | 4 ----
 mediaserver.te | 1 -
 qemud.te | 6 ------
 rild.te | 2 --
 system_server.te | 2 --
 8 files changed, 20 deletions(-)
 delete mode 100644 qemud.te
diff --git a/adbd.te b/adbd.te
index 27a497ea8..cda54142d 100644
--- a/adbd.te
+++ b/adbd.te
@@ -25,9 +25,6 @@ net_domain(adbd)
 # Access /dev/android_adb.
 allow adbd adb_device:chr_file rw_file_perms;
-# On emulator, access /dev/qemu*.
-allow adbd qemu_device:chr_file rw_file_perms;
-
 # Use a pseudo tty.
 allow adbd devpts:chr_file rw_file_perms;
diff --git a/device.te b/device.te
index ca3c342a8..760b5e456 100644
--- a/device.te
+++ b/device.te
@@ -26,7 +26,6 @@ type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
 type ptmx_device, dev_type, mlstrustedobject;
-type qemu_device, dev_type;
 type kmsg_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type;
diff --git a/file.te b/file.te
index 8ff08276e..baa77d0b7 100644
--- a/file.te
+++ b/file.te
@@ -118,7 +118,6 @@ type mdns_socket, file_type;
 type mdnsd_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;
-type qemud_socket, file_type;
 type racoon_socket, file_type;
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 4f843d3c3..6b7e45c0d 100644
--- a/file_contexts
+++ b/file_contexts
@@ -65,7 +65,6 @@
 /dev/ppp u:object_r:ppp_device:s0
 /dev/ptmx u:object_r:ptmx_device:s0
 /dev/pvrsrvkm u:object_r:gpu_device:s0
-/dev/qemu_.* u:object_r:qemu_device:s0
 /dev/kmsg u:object_r:kmsg_device:s0
 /dev/null u:object_r:null_device:s0
 /dev/nvhdcp1 u:object_r:video_device:s0
@@ -88,7 +87,6 @@
 /dev/socket/mdnsd u:object_r:mdnsd_socket:s0
 /dev/socket/netd u:object_r:netd_socket:s0
 /dev/socket/property_service u:object_r:property_socket:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
 /dev/socket/racoon u:object_r:racoon_socket:s0
 /dev/socket/rild u:object_r:rild_socket:s0
 /dev/socket/rild-debug u:object_r:rild_debug_socket:s0
@@ -136,7 +134,6 @@
 /system/bin/debuggerd u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64 u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant u:object_r:wpa_exec:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
 /system/bin/sdcard u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd u:object_r:dhcp_exec:s0
 /system/bin/mtpd u:object_r:mtp_exec:s0
@@ -215,7 +212,6 @@
 #############################
 # sysfs files
 #
-/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
 /sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
diff --git a/mediaserver.te b/mediaserver.te
index 31b481886..ad291b088 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -28,7 +28,6 @@ allow mediaserver { gpu_device graphics_device }:chr_file rw_file_perms;
 allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
-allow mediaserver qemu_device:chr_file rw_file_perms;
 allow mediaserver tee_device:chr_file rw_file_perms;
 allow mediaserver audio_prop:property_service set;
diff --git a/qemud.te b/qemud.te
deleted file mode 100644
index caf7a09f1..000000000
--- a/qemud.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-unconfined_domain(qemud)
\ No newline at end of file
diff --git a/rild.te b/rild.te
index ea4d34f62..9c315d5a9 100644
--- a/rild.te
+++ b/rild.te
@@ -8,13 +8,11 @@ net_domain(rild)
 allow rild self:netlink_route_socket nlmsg_write;
 allow rild kernel:system module_request;
 unix_socket_connect(rild, property, init)
-unix_socket_connect(rild, qemud, qemud)
 allow rild self:capability { setuid net_admin net_raw };
 allow rild alarm_device:chr_file rw_file_perms;
 allow rild cgroup:dir create_dir_perms;
 allow rild radio_device:chr_file rw_file_perms;
 allow rild radio_device:blk_file r_file_perms;
-allow rild qemu_device:chr_file rw_file_perms;
 allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
diff --git a/system_server.te b/system_server.te
index 01ddeb710..152ece1d1 100644
--- a/system_server.te
+++ b/system_server.te
@@ -81,7 +81,6 @@ allow system_server init:process sigchld;
 # Talk to init and various daemons via sockets.
 unix_socket_connect(system_server, property, init)
-unix_socket_connect(system_server, qemud, qemud)
 unix_socket_connect(system_server, installd, installd)
 unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, netd, netd)
@@ -130,7 +129,6 @@ allow system_server urandom_device:chr_file rw_file_perms;
 allow system_server usbaccessory_device:chr_file rw_file_perms;
 allow system_server video_device:dir r_dir_perms;
 allow system_server video_device:chr_file rw_file_perms;
-allow system_server qemu_device:chr_file rw_file_perms;
 allow system_server adbd_socket:sock_file rw_file_perms;
 # tun device used for 3rd party vpn apps
-- 
GitLab