Revert "Add compatibility.te."
We are mostly running in per-domain permissive mode right now,
so these compatibility rules are unnecessary.
This reverts commit c80dc0c32147ad5068e40ff7bfabfc2239a4b90d.
diff --git a/BoardConfig.mk b/BoardConfig.mk
index b548a76..1d54f77 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -50,7 +50,6 @@
genfs_contexts \
app.te \
btmacreader.te \
- compatibility.te \
device.te \
drmserver.te \
init_shell.te \
diff --git a/sepolicy/compatibility.te b/sepolicy/compatibility.te
deleted file mode 100644
index 2f6c079..0000000
--- a/sepolicy/compatibility.te
+++ /dev/null
@@ -1,111 +0,0 @@
-# This file contains autogenerated policy based on
-# denials seen in the wild.
-#
-# As a general rule, you should not add policy to
-# this file. You SHOULD treat this policy very
-# skeptically- while it does preserve compatibility,
-# it is also extremely overbroad.
-#
-# Over time this list should trend to size 0. Your
-# assistance in bringing it to 0 is highly appreciated.
-
-#============= adbd ==============
-allow adbd app_data_file:dir { write add_name };
-allow adbd app_data_file:file { write create open setattr };
-allow adbd proc:file write;
-allow adbd system_data_file:file open;
-
-#============= drmserver ==============
-allow drmserver init:unix_stream_socket { read write };
-
-#============= init ==============
-allow init node:rawip_socket node_bind;
-
-#============= keystore ==============
-allow keystore init:unix_stream_socket { read write };
-
-#============= media_app ==============
-allow media_app system_data_file:file append;
-
-#============= mediaserver ==============
-allow mediaserver init:unix_stream_socket { read write };
-allow mediaserver system_data_file:file open;
-
-#============= nfc ==============
-allow nfc system_data_file:file append;
-
-#============= ping ==============
-allow ping adbd:process sigchld;
-
-#============= platform_app ==============
-allow platform_app init:unix_stream_socket { read write };
-#allow platform_app system_data_file:file append;
-allow platform_app unlabeled:file { read getattr open };
-
-#============= radio ==============
-allow radio init:unix_stream_socket { read write };
-allow radio system_data_file:file append;
-
-#============= release_app ==============
-allow release_app init:unix_stream_socket { read write };
-allow release_app system_data_file:file append;
-
-#============= shared_app ==============
-allow shared_app init:unix_stream_socket { read write };
-#allow shared_app system_data_file:file append;
-allow shared_app unlabeled:file { read getattr open };
-
-#============= shell ==============
-allow shell apk_private_data_file:dir getattr;
-allow shell asec_image_file:dir getattr;
-allow shell backup_data_file:dir getattr;
-allow shell device:sock_file write;
-allow shell drm_data_file:dir getattr;
-allow shell gps_data_file:dir getattr;
-allow shell rootfs:file getattr;
-allow shell sdcard_internal:dir { create rmdir };
-#allow shell self:capability { fowner fsetid dac_override };
-#allow shell self:capability2 syslog;
-#allow shell system_data_file:dir { write add_name };
-#allow shell system_data_file:file { write create setattr };
-allow shell vold:unix_stream_socket connectto;
-allow shell vold_socket:sock_file write;
-
-#============= surfaceflinger ==============
-allow surfaceflinger adbd:binder call;
-allow surfaceflinger init:unix_stream_socket { read write };
-allow surfaceflinger nfc:binder call;
-allow surfaceflinger sysfs:file write;
-
-#============= system ==============
-allow system adbd_socket:sock_file write;
-allow system init:unix_stream_socket { read write };
-allow system proc:file write;
-allow system security_file:lnk_file read;
-allow system unlabeled:file { read getattr open };
-
-#============= system_app ==============
-allow system_app unlabeled:file { read getattr open };
-
-#============= untrusted_app ==============
-allow untrusted_app init:dir { getattr search };
-allow untrusted_app init:file { read getattr open };
-allow untrusted_app init:unix_stream_socket { read write };
-allow untrusted_app kernel:dir { search getattr };
-allow untrusted_app kernel:file { read getattr open };
-allow untrusted_app servicemanager:dir { search getattr };
-allow untrusted_app servicemanager:file { read getattr open };
-allow untrusted_app shared_app:fifo_file write;
-#allow untrusted_app system_data_file:file append;
-allow untrusted_app unlabeled:dir getattr;
-allow untrusted_app unlabeled:file { read getattr open };
-
-#============= vold ==============
-allow vold unlabeled:dir { read getattr open };
-
-#============= wpa ==============
-allow wpa init:unix_dgram_socket sendto;
-allow wpa wifi_data_file:sock_file write;
-
-#============= zygote ==============
-allow zygote security_file:lnk_file read;
