te_macros: drop unused macros

boolean and setenforce macros are not used in base policy and cannot be used in any policy, since they violate neverallow rules. Remove these from the policy. Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869 Signed-off-by: William Roberts <william.c.roberts@intel.com>

te_macros: drop unused macros
2925c1cc · William Roberts · 362d6ff1 · 2925c1cc
Commit 2925c1cc authored 8 years ago by William Roberts
--- a/te_macros
+++ b/te_macros
@@ -232,22 +232,6 @@ allow $1 selinuxfs:file rw_file_perms;
 allow $1 kernel:security check_context;
 ')

-#####################################
-# selinux_setenforce(domain)
-# Allow domain to set SELinux to enforcing.
-define(`selinux_setenforce', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setenforce;
-')
-
-#####################################
-# selinux_setbool(domain)
-# Allow domain to set SELinux booleans.
-define(`selinux_setbool', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setbool;
-')
-
 #####################################
 # create_pty(domain)
 # Allow domain to create and use a pty, isolated from any other domain ptys.