vendor: move sepolicy to device/pa/sepolicy

Change-Id: I0eda57cfd95d313d6cd544983504ed55a608d11b

main.mk

@@ -141,9 +141,6 @@ PRODUCT_PACKAGES += libbthost_if
 PRODUCT_PACKAGES += telephony-ext
 PRODUCT_BOOT_JARS += telephony-ext
 
-# Include vendor SEPolicy changes
-include vendor/pa/sepolicy/sepolicy.mk
-
 # Include proprietary header flags if vendor/head exists
 -include vendor/head/head-capabilities.mk
 

sepolicy/audioserver.te

@@ -1 +0,0 @@
-binder_call(audioserver, bootanim);

sepolicy/dumpstate.te

@@ -1,12 +0,0 @@
-allow dumpstate app_data_file:fifo_file getattr;
-
-allow dumpstate dalvikcache_data_file:dir r_dir_perms;
-allow dumpstate dalvikcache_data_file:file r_file_perms;
-allow dumpstate fuse:dir r_dir_perms;
-allow dumpstate fuse:file r_file_perms;
-
-allow dumpstate sdcardfs:dir r_dir_perms;
-allow dumpstate sdcardfs:file r_file_perms;
-
-allow dumpstate media_rw_data_file:dir r_dir_perms;
-allow dumpstate media_rw_data_file:file r_file_perms;

sepolicy/file.te

@@ -1,2 +0,0 @@
-# Pocket judge
-type pocket_judge_sysfs, fs_type, sysfs_type;

sepolicy/file_contexts

@@ -1,11 +0,0 @@
-# For EXFAT/F2FS/NTFS partitions marked "formattable"
-/system/bin/mkfs\.exfat   u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.f2fs    u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.ntfs    u:object_r:mkfs_exec:s0
-
-# fsck
-/system/bin/fsck\.ntfs                          u:object_r:fsck_exec:s0
-/system/bin/fsck\.exfat                         u:object_r:fsck_exec:s0
-
-# Pocket judge
-/sys/kernel/pocket_judge(/.*)?	u:object_r:pocket_judge_sysfs:s0

sepolicy/init.te

@@ -1,4 +0,0 @@
-# Allow formatting userdata or cache partitions
-allow init block_device:dir search;
-allow init userdata_block_device:blk_file rw_file_perms;
-allow init cache_block_device:blk_file rw_file_perms;

sepolicy/isolated_app.te

@@ -1,5 +0,0 @@
-# Rules for gello sandboxed process
-allow isolated_app app_data_file:dir search;
-allow isolated_app app_data_file:file ioctl;
-
-allow isolated_app untrusted_app:unix_stream_socket ioctl;

sepolicy/mkfs.te

@@ -1,9 +0,0 @@
-type mkfs, coredomain, domain;
-type mkfs_exec, exec_type, file_type;
-
-init_daemon_domain(mkfs)
-
-# Allow formatting userdata or cache partitions
-allow mkfs block_device:dir search;
-allow mkfs userdata_block_device:blk_file rw_file_perms;
-allow mkfs cache_block_device:blk_file rw_file_perms;

sepolicy/platform_app.te

@@ -1,2 +0,0 @@
-# Allow Gallery3D to crop user images
-allow platform_app system_app_data_file:file rw_file_perms;

sepolicy/sepolicy.mk

@@ -1,2 +0,0 @@
-# This policy configuration will be used by all products that inherit from vendor
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += vendor/pa/sepolicy

sepolicy/service.te

@@ -1,2 +0,0 @@
-type edgegesture_service, system_api_service, system_server_service, service_manager_type;
-type pocket_service, system_api_service, system_server_service, service_manager_type;

sepolicy/service_contexts

@@ -1,2 +0,0 @@
-edgegestureservice                        u:object_r:edgegesture_service:s0
-pocket                                    u:object_r:pocket_service:s0

sepolicy/system_app.te

@@ -1 +0,0 @@
-allow system_app selinuxfs:file r_file_perms;

sepolicy/system_server.te

@@ -1,9 +0,0 @@
-allow system_server edgegesture_service:service_manager { add find };
-allow system_server pocket_service:service_manager { add find };
-
-allow system_server media_rw_data_file:dir r_dir_perms;
-
-allow system_server user_profile_data_file:dir r_dir_perms;
-
-allow system_server pocket_judge_sysfs:dir search;
-allow system_server pocket_judge_sysfs:file rw_file_perms;

sepolicy/zygote.te

@@ -1 +0,0 @@
-allow zygote self:capability sys_nice;