am 0243e5cf: system_server.te: remove policy load permissions

* commit '0243e5cf': system_server.te: remove policy load permissions

am 0243e5cf: system_server.te: remove policy load permissions
a3aa1db3 · Jeff Vander Stoep · Android Git Automerger · 60442d18 · 0243e5cf · a3aa1db3
Commit a3aa1db3 authored Sep 1, 2015 by Jeff Vander Stoep Committed by Android Git Automerger Sep 1, 2015
--- a/system_server.te
+++ b/system_server.te
@@ -360,9 +360,6 @@ r_dir_file(system_server, fscklogs)
 allow system_server fscklogs:dir { write remove_name };
 allow system_server fscklogs:file unlink;
-# For SELinuxPolicyInstallReceiver
-selinux_manage_policy(system_server)
 # logd access, system_server inherit logd write socket
 # (urge is to deprecate this long term)
 allow system_server zygote:unix_dgram_socket write;

--- a/te_macros
+++ b/te_macros
@@ -247,18 +247,6 @@ allow $1 security_file:dir r_dir_perms;
 allow $1 security_file:file r_file_perms;
 ')
-#####################################
-# selinux_manage_policy(domain)
-# Ability to manage policy files and
-# trigger runtime reload.
-define(`selinux_manage_policy', `
-security_access_policy($1)
-allow $1 security_file:dir create_dir_perms;
-allow $1 security_file:file create_file_perms;
-allow $1 security_file:lnk_file { create rename unlink };
-set_prop($1, security_prop)
-')
 #####################################
 # mmac_manage_policy(domain)
 # Ability to manage mmac policy files,