diff --git a/Android.mk b/Android.mk
index 8bf461de87d55fcbebec9932b6681b6183de8050..0c44f1ea55b7e4ec6246f065beb591ae887c1533 100644
--- a/Android.mk
+++ b/Android.mk
@@ -2,22 +2,6 @@ LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
-# Force permissive domains to be unconfined+enforcing?
-#
-# During development, this should be set to false.
-# Permissive means permissive.
-#
-# When we're close to a release and SELinux new policy development
-# is frozen, we should flip this to true. This forces any currently
-# permissive domains into unconfined+enforcing.
-#
-FORCE_PERMISSIVE_TO_UNCONFINED ?= false
-
-ifeq ($(TARGET_BUILD_VARIANT),user)
- # User builds are always forced unconfined+enforcing
- FORCE_PERMISSIVE_TO_UNCONFINED := true
-endif
-
# SELinux policy version.
# Must be <= /selinux/policyvers reported by the Android kernel.
# Must be within the compatibility range reported by checkpolicy -V.
@@ -114,7 +98,6 @@ $(sepolicy_policy.conf) : $(call build_policy, $(sepolicy_build_files))
@mkdir -p $(dir $@)
$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D force_permissive_to_unconfined=$(FORCE_PERMISSIVE_TO_UNCONFINED) \
-s $^ > $@
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
@@ -142,7 +125,6 @@ $(sepolicy_policy_recovery.conf) : $(call build_policy, $(sepolicy_build_files))
@mkdir -p $(dir $@)
$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=$(TARGET_BUILD_VARIANT) \
- -D force_permissive_to_unconfined=$(FORCE_PERMISSIVE_TO_UNCONFINED) \
-D target_recovery=true \
-s $^ > $@
@@ -171,7 +153,6 @@ $(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files)
mkdir -p $(dir $@)
$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=user \
- -D force_permissive_to_unconfined=true \
-s $^ > $@
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
diff --git a/attributes b/attributes
index 3f632ded6411905ffa8523d6e5a096b521aa534b..af9af8e92354591c618ba763e150a0de5fb84b5a 100644
--- a/attributes
+++ b/attributes
@@ -56,9 +56,6 @@ attribute mlstrustedsubject;
# i.e. files that can be read by lower and written by higher
attribute mlstrustedobject;
-# Domains that are allowed all permissions ("unconfined").
-attribute unconfineddomain;
-
# All domains used for apps.
attribute appdomain;
diff --git a/te_macros b/te_macros
index 1efe15f4118ec238fd68ffc350778dea2100c99b..de3f9f5aa7ebf83814bafe973d388e18cfe7c5f2 100644
--- a/te_macros
+++ b/te_macros
@@ -70,17 +70,6 @@ allow $1 $2:dir r_dir_perms;
allow $1 $2:{ file lnk_file } r_file_perms;
')
-#####################################
-# unconfined_domain(domain)
-# Allow the specified domain to perform more privileged operations
-# than would be typically allowed. Please see the comments at the
-# top of unconfined.te.
-#
-define(`unconfined_domain', `
-typeattribute $1 mlstrustedsubject;
-typeattribute $1 unconfineddomain;
-')
-
#####################################
# tmpfs_domain(domain)
# Define and allow access to a unique type for
@@ -307,17 +296,6 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
#
define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
-#####################################
-# permissive_or_unconfined
-# Returns "permissive $1" if FORCE_PERMISSIVE_TO_UNCONFINED is false,
-# and "unconfined($1)" otherwise.
-#
-# This is used for experimental domains, where we want to ensure
-# the domain is unconfined+enforcing once new SELinux policy development
-# has ceased.
-#
-define(`permissive_or_unconfined', ifelse(force_permissive_to_unconfined, `false', permissive $1;, unconfined_domain($1)))
-
#####################################
# write_logd(domain)
# Ability to write to android log
diff --git a/unconfined.te b/unconfined.te
deleted file mode 100644
index 559ed593a334baa335dc1a435f629e5005c39ac5..0000000000000000000000000000000000000000
--- a/unconfined.te
+++ /dev/null
@@ -1,93 +0,0 @@
-#######################################################
-#
-# This is the unconfined template. This template is the base policy
-# which is used by daemons and other privileged components of
-# Android.
-#
-# Historically, this template was called "unconfined" because it
-# allowed the domain to do anything it wanted. Over time,
-# this has changed, and will continue to change in the future.
-# The rules in this file will be removed when no remaining
-# unconfined domains require it, or when the rules contradict
-# Android security best practices. Domains which need rules not
-# provided by the unconfined template should add them directly to
-# the relevant policy.
-#
-# The use of this template is discouraged.
-######################################################
-
-allow unconfineddomain self:capability ~{ sys_ptrace sys_rawio mknod sys_module audit_write audit_control linux_immutable };
-allow unconfineddomain self:capability2 ~{ mac_override mac_admin };
-allow unconfineddomain kernel:security ~{ load_policy setenforce setcheckreqprot setbool setsecparam };
-allow unconfineddomain kernel:system ~{ syslog_read syslog_mod syslog_console };
-allow unconfineddomain domain:fd *;
-allow unconfineddomain domain:dir r_dir_perms;
-allow unconfineddomain domain:lnk_file r_file_perms;
-allow unconfineddomain domain:{ fifo_file file } rw_file_perms;
-allow unconfineddomain domain:{
- socket
- netlink_socket
- key_socket
- unix_stream_socket
- unix_dgram_socket
- netlink_route_socket
- netlink_firewall_socket
- netlink_tcpdiag_socket
- netlink_nflog_socket
- netlink_xfrm_socket
- netlink_selinux_socket
- netlink_audit_socket
- netlink_ip6fw_socket
- netlink_dnrt_socket
- netlink_kobject_uevent_socket
- tun_socket
-} *;
-allow unconfineddomain domain:key *;
-allow unconfineddomain {fs_type -contextmount_type -sdcard_type}:{ dir lnk_file sock_file fifo_file } ~{ relabelto mounton };
-allow unconfineddomain dev_type:{ dir lnk_file sock_file fifo_file } ~{ relabelto mounton };
-allow unconfineddomain {
- file_type
- -keystore_data_file
- -property_data_file
- -system_file
- -exec_type
- -security_file
- -shell_data_file
- -app_data_file
- -unlabeled
-}:{ dir lnk_file sock_file fifo_file } ~{ relabelto mounton };
-allow unconfineddomain exec_type:dir r_dir_perms;
-allow unconfineddomain exec_type:file { r_file_perms execute };
-allow unconfineddomain exec_type:lnk_file r_file_perms;
-allow unconfineddomain system_file:dir r_dir_perms;
-allow unconfineddomain system_file:file { r_file_perms execute };
-allow unconfineddomain system_file:lnk_file r_file_perms;
-allow unconfineddomain {
- fs_type
- -usermodehelper
- -proc_security
- -contextmount_type
- -rootfs
- -sdcard_type
- -device
-}:{ chr_file file } ~{entrypoint execute_no_trans execmod execute relabelto};
-allow unconfineddomain {dev_type -device -kmem_device -hw_random_device}:{ chr_file file } ~{entrypoint execute_no_trans execmod execute relabelto};
-allow unconfineddomain {
- file_type
- -keystore_data_file
- -property_data_file
- -system_file
- -exec_type
- -security_file
- -shell_data_file
- -app_data_file
- -unlabeled
- -dalvikcache_data_file
-}:{ chr_file file } ~{entrypoint execute_no_trans execmod execute relabelto};
-allow unconfineddomain rootfs:file execute;
-allow unconfineddomain contextmount_type:dir r_dir_perms;
-allow unconfineddomain contextmount_type:notdevfile_class_set r_file_perms;
-allow unconfineddomain node_type:node *;
-allow unconfineddomain netif_type:netif *;
-allow unconfineddomain domain:peer recv;
-allow unconfineddomain { domain -init }:binder { call transfer };