Move gpu_device type and rules to core policy.
Also rename mali_device to the more general gpu_device in manta sepolicy.
Also drop other rules that are duplicated in external/sepolicy.
Change-Id: I3ce0b4bd25e078698a1c50242aaed414bf5cb517
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 2b41910..065f7d2 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -89,12 +89,10 @@
file_contexts \
genfs_contexts \
adbd.te \
- app.te \
device.te \
domain.te \
healthd.te \
gpsd.te \
file.te \
mediaserver.te \
- surfaceflinger.te \
system_server.te
diff --git a/sepolicy/app.te b/sepolicy/app.te
deleted file mode 100644
index 8f26a47..0000000
--- a/sepolicy/app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow appdomain mali_device:chr_file rw_file_perms;
-allow appdomain ion_device:chr_file w_file_perms;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 24832dc..aa55e60 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,6 +1,4 @@
-# label graphics device with a new type, we need
-# to allow write operation from appdomain
-/dev/mali0 u:object_r:mali_device:s0
+/dev/mali0 u:object_r:gpu_device:s0
/dev/bcm2079x u:object_r:nfc_device:s0
/dev/ttySAC0 u:object_r:hci_attach_dev:s0
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
deleted file mode 100644
index 986ee1d..0000000
--- a/sepolicy/surfaceflinger.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow surfaceflinger appdomain:fd use;
-allow surfaceflinger mali_device:chr_file rw_file_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 7aba654..3fa8769 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,5 +1,3 @@
-allow system_server mali_device:chr_file rw_file_perms;
-
# Label the .gps.interface.pipe.to_jni pipe with gps_data_file.
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
