system_server: clean up stale rules

979adffd added an auditallow to see if system_server was relabeling system_data_file. The auditallow rule hasn't triggered, so remove the allow rule. a3c97a76 added an auditallow to see if system_server was executing toolbox. The auditallow rule hasn't triggered, so remove the allow rule. AFAIK, system_server never executes ANY file, so further tightening here is feasible. Change-Id: Ia0a93f3833e32c3e2c898463bd8813701a6dd20a

system_server: clean up stale rules
142f97b7 · Nick Kralevich · d22987b4 · 142f97b7
Commit 142f97b7 authored 9 years ago by Nick Kralevich
--- a/system_server.te
+++ b/system_server.te
@@ -277,11 +277,6 @@ allow system_server system_data_file:file relabelfrom;
 allow system_server wallpaper_file:file relabelto;
 allow system_server wallpaper_file:file { rw_file_perms unlink };

-# This was originally required for relabeling /data/anr,
-# but should not be used anymore. TODO: remove it.
-allow system_server system_data_file:dir relabelfrom;
-auditallow system_server system_data_file:dir relabelfrom;
-
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, dhcp_prop)
@@ -317,10 +312,6 @@ allow system_server cache_file:fifo_file create_file_perms;
 # Run system programs, e.g. dexopt.
 allow system_server system_file:file x_file_perms;

-# XXX Run toolbox.  Might not be needed.
-allow system_server toolbox_exec:file rx_file_perms;
-auditallow system_server toolbox_exec:file rx_file_perms;
-
 # LocationManager(e.g, GPS) needs to read and write
 # to uart driver and ctrl proc entry
 allow system_server gps_device:chr_file rw_file_perms;