From 2c347e0a3676bb50cac796ca94eb6ab53c08fc87 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 25 Feb 2014 13:22:01 -0500
Subject: [PATCH] Drop obsolete keystore_socket type and rules.

Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched
the keystore to using binder instead of a socket, so this
socket type and rules have been unused for a while.  The type
was only ever assigned to a /dev/socket socket file (tmpfs) so
there is no issue with removing the type (no persistent files
will have this xattr value).

Change-Id: Id584233c58f6276774c3432ea76878aca28d6280
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te           | 3 ---
 file.te          | 1 -
 file_contexts    | 1 -
 system_app.te    | 3 ---
 system_server.te | 1 -
 5 files changed, 9 deletions(-)

diff --git a/app.te b/app.te
index 53349140e..3e58736b9 100644
--- a/app.te
+++ b/app.te
@@ -11,9 +11,6 @@
 allow appdomain self:process execmem;
 allow appdomain ashmem_device:chr_file execute;
 
-# Allow apps to connect to the keystore
-unix_socket_connect(appdomain, keystore, keystore)
-
 # Receive and use open file descriptors inherited from zygote.
 allow appdomain zygote:fd use;
 
diff --git a/file.te b/file.te
index dc0b0c68b..8ff08276e 100644
--- a/file.te
+++ b/file.te
@@ -109,7 +109,6 @@ type dnsproxyd_socket, file_type, mlstrustedobject;
 type dumpstate_socket, file_type;
 type gps_socket, file_type;
 type installd_socket, file_type;
-type keystore_socket, file_type;
 type lmkd_socket, file_type;
 type logd_debug, file_type;
 type logd_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 4b0ae8ab1..4f843d3c3 100644
--- a/file_contexts
+++ b/file_contexts
@@ -79,7 +79,6 @@
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
-/dev/socket/keystore	u:object_r:keystore_socket:s0
 /dev/socket/lmkd        u:object_r:lmkd_socket:s0
 /dev/logd_debug		u:object_r:logd_debug:s0
 /dev/socket/logd	u:object_r:logd_socket:s0
diff --git a/system_app.te b/system_app.te
index 702c55635..a20a4ece1 100644
--- a/system_app.te
+++ b/system_app.te
@@ -23,9 +23,6 @@ allow system_app wallpaper_file:file r_file_perms;
 # Write to dalvikcache.
 allow system_app dalvikcache_data_file:file { write setattr };
 
-# Talk to keystore.
-unix_socket_connect(system_app, keystore, keystore)
-
 # Read SELinux enforcing status.
 selinux_getenforce(system_app)
 
diff --git a/system_server.te b/system_server.te
index 2d5c331e6..01ddeb710 100644
--- a/system_server.te
+++ b/system_server.te
@@ -87,7 +87,6 @@ unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, netd, netd)
 unix_socket_connect(system_server, vold, vold)
 unix_socket_connect(system_server, zygote, zygote)
-unix_socket_connect(system_server, keystore, keystore)
 unix_socket_connect(system_server, gps, gpsd)
 unix_socket_connect(system_server, racoon, racoon)
 unix_socket_send(system_server, wpa, wpa)
-- 
GitLab