From ed05e53cd751c273ddd378a1d7d4e7685d27b1e2 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 23 Nov 2022 13:45:50 +0800
Subject: [PATCH] remove permissions that are not relevant to boot

Bug: 254378739
Test: boot to home with no relevant error
Change-Id: Ie1bd477aeaf5fc38ce9d5160a7512cdfa17df9e3
---
 legacy/whitechapel_pro/installd.te       |  1 -
 legacy/whitechapel_pro/omadm.te          | 10 ----------
 legacy/whitechapel_pro/seapp_contexts    |  3 ---
 legacy/whitechapel_pro/shell.te          |  5 -----
 legacy/whitechapel_pro/surfaceflinger.te |  1 -
 legacy/whitechapel_pro/toolbox.te        |  3 ---
 6 files changed, 23 deletions(-)
 delete mode 100644 legacy/whitechapel_pro/installd.te
 delete mode 100644 legacy/whitechapel_pro/omadm.te
 delete mode 100644 legacy/whitechapel_pro/shell.te
 delete mode 100644 legacy/whitechapel_pro/surfaceflinger.te
 delete mode 100644 legacy/whitechapel_pro/toolbox.te

diff --git a/legacy/whitechapel_pro/installd.te b/legacy/whitechapel_pro/installd.te
deleted file mode 100644
index 44e74c63..00000000
--- a/legacy/whitechapel_pro/installd.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit installd modem_img_file:filesystem quotaget;
diff --git a/legacy/whitechapel_pro/omadm.te b/legacy/whitechapel_pro/omadm.te
deleted file mode 100644
index 3990dd7b..00000000
--- a/legacy/whitechapel_pro/omadm.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# OMADM app
-type omadm_app, domain;
-
-app_domain(omadm_app)
-net_domain(omadm_app)
-
-allow omadm_app radio_vendor_data_file:dir rw_dir_perms;
-allow omadm_app radio_vendor_data_file:file create_file_perms;
-allow omadm_app app_api_service:service_manager find;
-allow omadm_app radio_service:service_manager find;
diff --git a/legacy/whitechapel_pro/seapp_contexts b/legacy/whitechapel_pro/seapp_contexts
index a2d2a19a..a7505ad6 100644
--- a/legacy/whitechapel_pro/seapp_contexts
+++ b/legacy/whitechapel_pro/seapp_contexts
@@ -4,9 +4,6 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d
 # Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
 user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
 
-# Domain for omadm
-user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
-
 # HbmSVManager
 user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
 
diff --git a/legacy/whitechapel_pro/shell.te b/legacy/whitechapel_pro/shell.te
deleted file mode 100644
index 978a5426..00000000
--- a/legacy/whitechapel_pro/shell.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# Allow access to the SJTAG kernel interface from the shell
-userdebug_or_eng(`
-  allow shell sysfs_sjtag:dir r_dir_perms;
-  allow shell sysfs_sjtag:file rw_file_perms;
-')
diff --git a/legacy/whitechapel_pro/surfaceflinger.te b/legacy/whitechapel_pro/surfaceflinger.te
deleted file mode 100644
index 9629299b..00000000
--- a/legacy/whitechapel_pro/surfaceflinger.te
+++ /dev/null
@@ -1 +0,0 @@
-allow surfaceflinger vendor_fw_file:dir search;
diff --git a/legacy/whitechapel_pro/toolbox.te b/legacy/whitechapel_pro/toolbox.te
deleted file mode 100644
index 9fbbb7ab..00000000
--- a/legacy/whitechapel_pro/toolbox.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow toolbox ram_device:blk_file rw_file_perms;
-allow toolbox per_boot_file:dir create_dir_perms;
-allow toolbox per_boot_file:file create_file_perms;