Move gpu_device type and rules to core policy.
Change-Id: I3ce0b4bd25e078698a1c50242aaed414bf5cb517
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 0f83e65..b01baac 100755
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -108,7 +108,6 @@
# The list below is order dependent
BOARD_SEPOLICY_UNION += \
- app.te \
bluetooth_loader.te \
bridge.te \
camera.te \
diff --git a/sepolicy/app.te b/sepolicy/app.te
deleted file mode 100644
index 19da482..0000000
--- a/sepolicy/app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Grant GPU access to all processes started by Zygote.
-# They need that to render the standard UI.
-allow appdomain gpu_device:chr_file { rw_file_perms execute };
diff --git a/sepolicy/device.te b/sepolicy/device.te
index d281a55..b6e993a 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,6 +1,3 @@
-# GPU (used by most UI apps)
-type gpu_device, dev_type, mlstrustedobject;
-
type wlan_device, dev_type;
type diag_device, dev_type;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index f0a3d25..db248db 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1,5 +1,2 @@
-# Grant GPU access to SurfaceFlinger
-allow surfaceflinger gpu_device:chr_file rw_file_perms;
-
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
unix_socket_connect(surfaceflinger, ppd, ppd)
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 6570ad1..356afb1 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,6 +1,3 @@
-# Grant GPU access to system services (e.g., PowerManagerService)
-allow system_server gpu_device:chr_file rw_file_perms;
-
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services
# (e.g., LocationManager)
qmux_socket(system_server)
