Remove service_manager_local_audit_domain.
service_manager_local_audit_domain was used to fine tune the service_manager
auditallow rules when introducing the service_manager SELinux rules. This is no
longer needed.
Bug: 21656807
Change-Id: Ia042a887e7bf9eb2a2b08b8d831e68dfe6395f75
diff --git a/attributes b/attributes
index a9b211f..e42edd6 100644
--- a/attributes
+++ b/attributes
@@ -73,6 +73,3 @@
# All domains used for binder service domains.
attribute binderservicedomain;
-
-# All domains that are excluded from the domain.te auditallow.
-attribute service_manager_local_audit;
diff --git a/dumpstate.te b/dumpstate.te
index 43daac4..584b140 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -109,6 +109,5 @@
allow dumpstate { service_manager_type -gatekeeper_service }:service_manager find;
allow dumpstate servicemanager:service_manager list;
-service_manager_local_audit_domain(dumpstate)
allow dumpstate devpts:chr_file rw_file_perms;
diff --git a/isolated_app.te b/isolated_app.te
index 1cede96..ef68986 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,8 +18,6 @@
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
-service_manager_local_audit_domain(isolated_app)
-
#####
##### Neverallow
#####
diff --git a/shell.te b/shell.te
index ac55346..1be9eec 100644
--- a/shell.te
+++ b/shell.te
@@ -63,7 +63,6 @@
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
allow shell { service_manager_type -gatekeeper_service }:service_manager find;
-service_manager_local_audit_domain(shell)
# allow shell to look through /proc/ for ps, top
allow shell domain:dir { search open read getattr };
diff --git a/su.te b/su.te
index 9c01fc5..d4a488b 100644
--- a/su.te
+++ b/su.te
@@ -50,5 +50,4 @@
dontaudit su domain:debuggerd *;
dontaudit su domain:drmservice *;
dontaudit su unlabeled:filesystem *;
- service_manager_local_audit_domain(su)
')
diff --git a/te_macros b/te_macros
index 5248f18..a76bb5d 100644
--- a/te_macros
+++ b/te_macros
@@ -365,14 +365,6 @@
')
###########################################
-# service_manager_local_audit_domain(domain)
-# Has its own auditallow rule on service_manager
-# and should be excluded from the domain.te auditallow.
-define(`service_manager_local_audit_domain', `
- typeattribute $1 service_manager_local_audit;
-')
-
-###########################################
# use_drmservice(domain)
# Ability to use DrmService which requires
# DrmService to call getpidcon.
