From 142480a8ac5c8ae04db3401401085192bd2334f7 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Apr 2013 11:18:26 -0400
Subject: [PATCH] Drop SELinux management rules from AOSP.

As AOSP does not support the device admin API or the older
SEManager system app, just drop the allow rules associated with
permitting SELinux management via device admin or a system app.

Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 system.te | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/system.te b/system.te
index b1adf65f6..db699aa27 100644
--- a/system.te
+++ b/system.te
@@ -30,22 +30,6 @@ selinux_getenforce(system_app)
 # Settings app reads sdcard for storage stats
 allow system_app sdcard_type:dir r_dir_perms;
 
-bool manage_selinux true;
-if (manage_selinux) {
-selinux_manage_policy(system)
-selinux_manage_policy(system_app)
-access_kmsg(system)
-access_kmsg(system_app)
-}
-
-bool manage_mac true;
-if (manage_mac) {
-mmac_manage_policy(system)
-mmac_manage_policy(system_app)
-access_logcat(system)
-access_logcat(system_app)
-}
-
 #
 # System Server aka system_server spawned by zygote.
 # Most of the framework services run in this process.
-- 
GitLab