Merge "Revert "Set up access control rule for aocxd"" into main

aoc/aoc.mk

@@ -1,6 +1,4 @@
-BOARD_VENDOR_SEPOLICY_DIRS += \
-    device/google/gs-common/aoc/sepolicy \
-    device/google/gs-common/aoc/sepolicy/allowlist
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
 
 PRODUCT_PACKAGES += dump_aoc \
 		    aocd \

aoc/sepolicy/allowlist/aocxd_neverallow.te

@@ -1,11 +0,0 @@
-# set up rule to control the access to aocxd
-neverallow {
-  domain
-  -hwservicemanager
-  -servicemanager
-  -vndservicemanager
-  -system_suspend_server
-  -dumpstate
-  -hal_audio_default
-  -aocxdallowdomain
-} aocxd:binder { call transfer };

aoc/sepolicy/allowlist/aocxdallowdomain.te

@@ -1,6 +0,0 @@
-# Aocx AIDL service
-allow aocxdallowdomain aocx:service_manager find;
-
-binder_call(aocxdallowdomain, aocxd)
-# Allow aocxd asynchronous callback to aocxdallowdomain
-binder_call(aocxd, aocxdallowdomain)

aoc/sepolicy/allowlist/attributes

@@ -1,2 +0,0 @@
-# Allow domain to access aocx HAL API
-attribute aocxdallowdomain;