sepolicy: Clean up policy for N
Change-Id: I39ddec0f60a9995de13b82f09705d246d7e0f454
diff --git a/sepolicy/app.te b/sepolicy/app.te
deleted file mode 100644
index d9bc450..0000000
--- a/sepolicy/app.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Access OBBs (sdcard_posix) mounted by vold
-# File write access allowed for FDs returned through Storage Access Framework
-allow appdomain sdcard_posix:dir r_dir_perms;
-allow appdomain sdcard_posix:file rw_file_perms;
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index b1fc15e..e05768e 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
@@ -2,4 +2,3 @@
allow domain block_device:blk_file getattr;
allow domain cache_block_device:blk_file getattr;
allow domain userdata_block_device:blk_file getattr;
-allow domain fuse_device:chr_file getattr;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index d7d6b42..dc8df1f 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -14,3 +14,8 @@
# Knobs for LiveDisplay
type livedisplay_sysfs, sysfs_type, file_type;
+
+# Filesystems
+type exfat, sdcard_type, fs_type, mlstrustedobject;
+type fuseblk, sdcard_type, fs_type, mlstrustedobject;
+type ntfs, sdcard_type, fs_type, mlstrustedobject;
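Review bot: The three new types carry both `sdcard_type` and `mlstrustedobject`, but the only comment is `# Filesystems`, so nothing records why they need an MLS exemption or that every rule written against the `sdcard_type` attribute now applies to them. A comment such as `# Labels for vold-mounted exfat/fuseblk/ntfs media; sdcard_type pulls in all rules on that attribute, mlstrustedobject exempts these types from MLS constraints` would make that visible to anyone auditing app access to external media.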
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index b39d3dd..b5652a2 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,3 +1,3 @@
-genfscon fuseblk / u:object_r:sdcard_external:s0
-genfscon exfat / u:object_r:sdcard_external:s0
-genfscon ntfs / u:object_r:sdcard_external:s0
+genfscon fuseblk / u:object_r:fuseblk:s0
+genfscon exfat / u:object_r:exfat:s0
+genfscon ntfs / u:object_r:ntfs:s0
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
index 65f471a..47f0c52 100644
--- a/sepolicy/installd.te
+++ b/sepolicy/installd.te
@@ -1,3 +1,3 @@
# Allow querying of asec size on SD card
-allow installd sdcard_external:dir { search };
-allow installd sdcard_external:file { getattr };
+allow installd sdcard_type:dir { search };
+allow installd sdcard_type:file { getattr };
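Review bot: Replacing `sdcard_external` with the `sdcard_type` attribute widens installd's access from one type to every type carrying that attribute. After this commit that includes exfat, fuseblk and ntfs, and presumably the platform's other storage types as well. If the goal is still only the ASEC size query on removable media, naming the types keeps the grant narrow: `allow installd { exfat fuseblk ntfs }:dir { search };`, with the same set for `:file { getattr }`. The same widening appears in recovery.te (`sdcard_posix` to `sdcard_type` with `r_dir_perms`/`r_file_perms`) and in vold.te, where `sdcard_type:file create_file_perms` is the broadest of the three. If the base policy already grants these on `sdcard_type`, the device rules are redundant and could be dropped instead.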
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
deleted file mode 100644
index 829210c..0000000
--- a/sepolicy/mediaserver.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# For camera
-allow mediaserver media_rw_data_file:file write;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
deleted file mode 100644
index bb2c75f..0000000
--- a/sepolicy/platform_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Direct access to vold-mounted storage under /mnt/media_rw
-# This is a performance optimization that allows platform apps to bypass the FUSE layer
-allow platform_app sdcard_posix:dir create_dir_perms;
-allow platform_app sdcard_posix:file create_file_perms;
-
-# Allow batterymanager and batteryproperties services to be found
-allow platform_app battery_service:service_manager find;
-allow platform_app healthd_service:service_manager find;
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 870c5f8..18b59fe 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -22,8 +22,8 @@
allow recovery media_rw_data_file:file r_file_perms;
allow recovery vfat:dir r_dir_perms;
allow recovery vfat:file r_file_perms;
-allow recovery sdcard_posix:dir r_dir_perms;
-allow recovery sdcard_posix:file r_file_perms;
+allow recovery sdcard_type:dir r_dir_perms;
+allow recovery sdcard_type:file r_file_perms;
# Control properties
allow recovery recovery_prop:property_service set;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index efca286..7d7a78e 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,11 +1,11 @@
domain_trans(init, rootfs, vold)
# Allow vold to manage ASEC
-allow vold sdcard_external:file create_file_perms;
+allow vold sdcard_type:file create_file_perms;
allow vold vold_tmpfs:file create_file_perms;
# Allow vold to access fuse for fuse-based fs
-allow vold fuse_device:chr_file rw_file_perms;
+allow vold fuseblk:chr_file rw_file_perms;
# NTFS-3g wants to drop permission
allow vold self:capability { setgid setuid };
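Review bot: `allow vold fuseblk:chr_file rw_file_perms;` pairs the new filesystem type with the `chr_file` class, which looks like a search-and-replace slip. `fuseblk` is the label this commit assigns through genfscon to content on a fuseblk mount, whereas the replaced rule targeted `fuse_device` and the comment above it still describes access to the fuse device. As written, the rule would only match character device nodes that live on a fuseblk filesystem, so vold's access to the fuse device now depends on whatever the base policy grants. Either keep `allow vold fuse_device:chr_file rw_file_perms;` or, if the platform policy already covers it, delete the rule and its comment rather than retargeting it.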