From 3ba2d466160badc90dbec6f83d9dd0bb4fe59846 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 12 May 2016 13:40:26 -0700
Subject: [PATCH] move gpsd domain to device specific policy

Only used by Flounder.

Bug: 8435593
Change-Id: I06655e897ab68a1724190950e128cd390617f2bd
---
 app.te           |  4 ----
 device.te        |  1 -
 file.te          |  3 ---
 file_contexts    |  6 ------
 gpsd.te          | 29 -----------------------------
 rild.te          |  3 ---
 system_server.te |  2 --
 7 files changed, 48 deletions(-)
 delete mode 100644 gpsd.te

diff --git a/app.te b/app.te
index 7a679fdb7..0d7b6001b 100644
--- a/app.te
+++ b/app.te
@@ -256,7 +256,6 @@ neverallow appdomain {
     audio_device
     camera_device
     dm_device
-    gps_device
     radio_device
     rpmsg_device
     video_device
@@ -339,9 +338,6 @@ neverallow appdomain system_data_file:dir_file_class_set
 # Write to various other parts of /data.
 neverallow appdomain drm_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -system_app }
-    gps_data_file:dir_file_class_set
-    { create write setattr relabelfrom relabelto append unlink link rename };
 neverallow { appdomain -platform_app }
     apk_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
diff --git a/device.te b/device.te
index 06006b26d..e3ddb95f2 100644
--- a/device.te
+++ b/device.te
@@ -44,7 +44,6 @@ type zero_device, dev_type, mlstrustedobject;
 type fuse_device, dev_type, mlstrustedobject;
 type iio_device, dev_type;
 type ion_device, dev_type, mlstrustedobject;
-type gps_device, dev_type;
 type qtaguid_device, dev_type;
 type watchdog_device, dev_type;
 type uhid_device, dev_type;
diff --git a/file.te b/file.te
index 1f8dd3cda..8e3bbe587 100644
--- a/file.te
+++ b/file.te
@@ -92,8 +92,6 @@ type dalvikcache_data_file, file_type, data_file_type;
 type resourcecache_data_file, file_type, data_file_type;
 # /data/local - writable by shell
 type shell_data_file, file_type, data_file_type, mlstrustedobject;
-# /data/gps
-type gps_data_file, file_type, data_file_type;
 # /data/property
 type property_data_file, file_type, data_file_type;
 # /data/bootchart
@@ -188,7 +186,6 @@ type bluetooth_socket, file_type;
 type dnsproxyd_socket, file_type, mlstrustedobject;
 type dumpstate_socket, file_type;
 type fwmarkd_socket, file_type, mlstrustedobject;
-type gps_socket, file_type;
 type installd_socket, file_type;
 type lmkd_socket, file_type;
 type logd_socket, file_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index 83d87e162..508918359 100644
--- a/file_contexts
+++ b/file_contexts
@@ -79,8 +79,6 @@
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
-/dev/mpu		u:object_r:gps_device:s0
-/dev/mpuirq		u:object_r:gps_device:s0
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtp_usb		u:object_r:mtp_device:s0
 /dev/pmsg0		u:object_r:pmsg_device:s0
@@ -103,7 +101,6 @@
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/fwmarkd	u:object_r:fwmarkd_socket:s0
-/dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/lmkd        u:object_r:lmkd_socket:s0
 /dev/socket/logd	u:object_r:logd_socket:s0
@@ -185,7 +182,6 @@
 /system/bin/racoon	u:object_r:racoon_exec:s0
 /system/xbin/su		u:object_r:su_exec:s0
 /system/xbin/perfprofd  u:object_r:perfprofd_exec:s0
-/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
@@ -211,7 +207,6 @@
 # Vendor files
 #
 /vendor(/.*)?		u:object_r:system_file:s0
-/vendor/bin/gpsd	u:object_r:gpsd_exec:s0
 
 #############################
 # OEM and ODM files
@@ -233,7 +228,6 @@
 /data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
 /data/system/ndebugsocket	u:object_r:system_ndebug_socket:s0
 /data/drm(/.*)?		u:object_r:drm_data_file:s0
-/data/gps(/.*)?		u:object_r:gps_data_file:s0
 /data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
 /data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
 /data/adb(/.*)?		u:object_r:adb_data_file:s0
diff --git a/gpsd.te b/gpsd.te
deleted file mode 100644
index 4b2222314..000000000
--- a/gpsd.te
+++ /dev/null
@@ -1,29 +0,0 @@
-# gpsd - GPS daemon
-type gpsd, domain;
-type gpsd_exec, exec_type, file_type;
-
-init_daemon_domain(gpsd)
-net_domain(gpsd)
-allow gpsd gps_data_file:dir rw_dir_perms;
-allow gpsd gps_data_file:notdevfile_class_set create_file_perms;
-# Socket is created by the daemon, not by init, and under /data/gps,
-# not under /dev/socket.
-type_transition gpsd gps_data_file:sock_file gps_socket;
-allow gpsd gps_socket:sock_file create_file_perms;
-# XXX Label sysfs files with a specific type?
-allow gpsd sysfs:file rw_file_perms;
-
-allow gpsd gps_device:chr_file rw_file_perms;
-
-# Execute the shell or system commands.
-allow gpsd shell_exec:file rx_file_perms;
-allow gpsd system_file:file rx_file_perms;
-allow gpsd toolbox_exec:file rx_file_perms;
-
-###
-### neverallow
-###
-
-# gpsd can never have capabilities other than block_suspend
-neverallow gpsd self:capability *;
-neverallow gpsd self:capability2 ~block_suspend;
diff --git a/rild.te b/rild.te
index e2856a31e..ca63d3306 100644
--- a/rild.te
+++ b/rild.te
@@ -31,9 +31,6 @@ set_prop(rild, system_radio_prop)
 auditallow rild net_radio_prop:property_service set;
 auditallow rild system_radio_prop:property_service set;
 
-# Read/Write to uart driver (for GPS)
-allow rild gps_device:chr_file rw_file_perms;
-
 allow rild tty_device:chr_file rw_file_perms;
 
 # Allow rild to create and use netlink sockets.
diff --git a/system_server.te b/system_server.te
index c2b72bfe1..fb864caeb 100644
--- a/system_server.te
+++ b/system_server.te
@@ -118,7 +118,6 @@ unix_socket_connect(system_server, mtpd, mtp)
 unix_socket_connect(system_server, netd, netd)
 unix_socket_connect(system_server, vold, vold)
 unix_socket_connect(system_server, zygote, zygote)
-unix_socket_connect(system_server, gps, gpsd)
 unix_socket_connect(system_server, racoon, racoon)
 unix_socket_send(system_server, wpa, wpa)
 
@@ -317,7 +316,6 @@ auditallow system_server system_file:file execute_no_trans;
 
 # LocationManager(e.g, GPS) needs to read and write
 # to uart driver and ctrl proc entry
-allow system_server gps_device:chr_file rw_file_perms;
 allow system_server gps_control:file rw_file_perms;
 
 # Allow system_server to use app-created sockets and pipes.
-- 
GitLab