te_macros: drop unused macros

(cherry picked from commit 2925c1cc) boolean and setenforce macros are not used in base policy and cannot be used in any policy, since they violate neverallow rules. Remove these from the policy. Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869 Signed-off-by: William Roberts <william.c.roberts@intel.com>

te_macros: drop unused macros
9108d1ae · William Roberts · Jeff Vander Stoep · 008d14f4 · 9108d1ae
Commit 9108d1ae authored 8 years ago by William Roberts Committed by Jeff Vander Stoep 8 years ago
--- a/te_macros
+++ b/te_macros
@@ -249,22 +249,6 @@ allow $1 selinuxfs:file w_file_perms;
 allow $1 kernel:security check_context;
 ')

-#####################################
-# selinux_setenforce(domain)
-# Allow domain to set SELinux to enforcing.
-define(`selinux_setenforce', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setenforce;
-')
-
-#####################################
-# selinux_setbool(domain)
-# Allow domain to set SELinux booleans.
-define(`selinux_setbool', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setbool;
-')
-
 #####################################
 # create_pty(domain)
 # Allow domain to create and use a pty, isolated from any other domain ptys.