Drop SELinux management rules from AOSP.

As AOSP does not support the device admin API or the older SEManager system app, just drop the allow rules associated with permitting SELinux management via device admin or a system app. Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Drop SELinux management rules from AOSP.
88ae5595 · Stephen Smalley · cebe6a65 · 88ae5595
Commit 88ae5595 authored 11 years ago by Stephen Smalley
--- a/system.te
+++ b/system.te
@@ -30,22 +30,6 @@ selinux_getenforce(system_app)
 # Settings app reads sdcard for storage stats
 allow system_app sdcard_type:dir r_dir_perms;
-bool manage_selinux true;
-if (manage_selinux) {
-selinux_manage_policy(system)
-selinux_manage_policy(system_app)
-access_kmsg(system)
-access_kmsg(system_app)
-}
-bool manage_mac true;
-if (manage_mac) {
-mmac_manage_policy(system)
-mmac_manage_policy(system_app)
-access_logcat(system)
-access_logcat(system_app)
-}
 #
 # System Server aka system_server spawned by zygote.
 # Most of the framework services run in this process.