From 0e43e4e655fdbeac10f58ab5ab96ddfa3da42c76 Mon Sep 17 00:00:00 2001
From: Daniel Nicoara <dnicoara@google.com>
Date: Fri, 21 Apr 2017 09:55:13 -0400
Subject: [PATCH] Remove vr_wm service selinux policy

vr_wm functionality has moved into VrCore, so remove this service.

Bug: 37542947, 36506799
Test: Ran on device and verified there are no permission errors while in
VR
Change-Id: I37fd34e96babec2a990600907f61da8c358ecc89
---
 private/file_contexts    |  1 -
 private/service_contexts |  1 -
 private/system_server.te |  2 --
 private/vr_wm.te         |  5 -----
 public/performanced.te   |  4 ++--
 public/service.te        |  1 -
 public/vr_hwc.te         |  2 --
 public/vr_wm.te          | 28 ----------------------------
 8 files changed, 2 insertions(+), 42 deletions(-)
 delete mode 100644 private/vr_wm.te
 delete mode 100644 public/vr_wm.te

diff --git a/private/file_contexts b/private/file_contexts
index 81b0aae1d..866b63052 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -249,7 +249,6 @@
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
-/system/bin/vr_wm                u:object_r:vr_wm_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
 /system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
diff --git a/private/service_contexts b/private/service_contexts
index 8ba1b0ca1..c7e97230f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -159,7 +159,6 @@ user                                      u:object_r:user_service:s0
 vibrator                                  u:object_r:vibrator_service:s0
 virtual_touchpad                          u:object_r:virtual_touchpad_service:s0
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
-vr_window_manager                         u:object_r:vr_window_manager_service:s0
 vr_hwc                                    u:object_r:vr_hwc_service:s0
 vrmanager                                 u:object_r:vr_manager_service:s0
 wallpaper                                 u:object_r:wallpaper_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 404a253aa..8b922d1f7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -527,8 +527,6 @@ allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
-# TODO(b/36506799): move vr_wm code to VrCore and remove this:
-allow system_server vr_window_manager_service:service_manager find;
 allow system_server wificond_service:service_manager find;
 
 allow system_server keystore:keystore_key {
diff --git a/private/vr_wm.te b/private/vr_wm.te
deleted file mode 100644
index 38564f208..000000000
--- a/private/vr_wm.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# vr_wm - VR Window Manager
-typeattribute vr_wm coredomain;
-
-# The vr_wm is started by init.
-init_daemon_domain(vr_wm)
diff --git a/public/performanced.te b/public/performanced.te
index 95038cd48..8f9d16b05 100644
--- a/public/performanced.te
+++ b/public/performanced.te
@@ -10,9 +10,9 @@ allow performanced self:capability { setuid setgid sys_nice };
 # Access /proc to validate we're only affecting threads in the same thread group.
 # Performanced also shields unbound kernel threads.  It scans every task in the
 # root cpu set, but only affects the kernel threads.
-r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger vr_wm })
+r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger })
 dontaudit performanced domain:dir read;
-allow performanced { appdomain bufferhubd kernel sensord surfaceflinger vr_wm }:process setsched;
+allow performanced { appdomain bufferhubd kernel sensord surfaceflinger }:process setsched;
 
 # Access /dev/cpuset/cpuset.cpus
 r_dir_file(performanced, cgroup)
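Review bot: The domain set `{ appdomain bufferhubd kernel sensord surfaceflinger }` is spelled out twice, once in the `r_dir_file` line and once in the `setsched` allow rule, and nothing says the two lists must be edited together as this commit does. Going by the comment above them, the /proc read exists to validate a thread before its scheduling is changed, so a domain left in only one list would mean either an unused read grant or a `setsched` grant whose validation read is denied. A comment directly above the pair would make the coupling explicit, for example `# Keep the domain set here identical to the one in the setsched rule below.` The rest of performanced.te is outside this hunk, so any other rule that uses the same set is not visible here.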
diff --git a/public/service.te b/public/service.te
index efd4c86cc..da540dbf5 100644
--- a/public/service.te
+++ b/public/service.te
@@ -27,7 +27,6 @@ type surfaceflinger_service,    service_manager_type;
 type system_app_service,        service_manager_type;
 type update_engine_service,     service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
-type vr_window_manager_service, service_manager_type;
 type vr_hwc_service,            service_manager_type;
 
 # system_server_services broken down
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index c0abdcd14..a33baea53 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -10,8 +10,6 @@ binder_service(vr_hwc)
 binder_call(vr_hwc, surfaceflinger)
 # Needed to check for app permissions.
 binder_call(vr_hwc, system_server)
-# TODO(dnicoara): Remove once vr_wm is disabled.
-binder_call(vr_hwc, vr_wm)
 
 add_service(vr_hwc, vr_hwc_service)
 
diff --git a/public/vr_wm.te b/public/vr_wm.te
deleted file mode 100644
index 1e486097d..000000000
--- a/public/vr_wm.te
+++ /dev/null
@@ -1,28 +0,0 @@
-type vr_wm, domain;
-type vr_wm_exec, exec_type, file_type;
-
-hal_client_domain(vr_wm, hal_graphics_allocator)
-
-binder_use(vr_wm)
-binder_call(vr_wm, virtual_touchpad)
-binder_call(vr_wm, vr_hwc)
-
-allow vr_wm virtual_touchpad_service:service_manager find;
-allow vr_wm vr_hwc_service:service_manager find;
-
-binder_service(vr_wm)
-add_service(vr_wm, vr_window_manager_service)
-
-# Load vendor libraries.
-allow vr_wm system_file:dir r_dir_perms;
-
-allow vr_wm gpu_device:chr_file rw_file_perms;
-allow vr_wm ion_device:chr_file r_file_perms;
-
-# Get buffer metadata.
-allow vr_wm hal_graphics_allocator:fd use;
-
-use_pdx(vr_wm, bufferhubd)
-use_pdx(vr_wm, sensord)
-use_pdx(vr_wm, surfaceflinger)
-use_pdx(vr_wm, performanced)
-- 
GitLab