vendor: Kill sepolicy
* Will be re-written in device/lineage
Change-Id: I755d129efbc69b712a20833b7b51187bfd66e844
diff --git a/sepolicy/adbd.te b/sepolicy/adbd.te
deleted file mode 100644
index 80627d6..0000000
--- a/sepolicy/adbd.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(adbd, adbsecure_prop)
diff --git a/sepolicy/app.te b/sepolicy/app.te
deleted file mode 100644
index b2ad553..0000000
--- a/sepolicy/app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Themed resources (i.e. composed icons)
-allow appdomain themeservice_app_data_file:dir r_dir_perms;
-allow appdomain themeservice_app_data_file:file r_file_perms;
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
deleted file mode 100644
index e45a434..0000000
--- a/sepolicy/bluetooth.te
+++ /dev/null
@@ -1 +0,0 @@
-r_dir_file(bluetooth, storage_stub_file);
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
deleted file mode 100644
index 29c20d5..0000000
--- a/sepolicy/bootanim.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Themed resources (bootanimation)
-allow bootanim themeservice_app_data_file:dir search;
-allow bootanim themeservice_app_data_file:file r_file_perms;
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
deleted file mode 100644
index e05768e..0000000
--- a/sepolicy/domain.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow domain block_device:dir { search getattr };
-allow domain block_device:blk_file getattr;
-allow domain cache_block_device:blk_file getattr;
-allow domain userdata_block_device:blk_file getattr;
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
deleted file mode 100644
index 508791f..0000000
--- a/sepolicy/drmserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow drmserver themeservice_app_data_file:file r_file_perms;
diff --git a/sepolicy/file.te b/sepolicy/file.te
deleted file mode 100644
index 707f640..0000000
--- a/sepolicy/file.te
+++ /dev/null
@@ -1,18 +0,0 @@
-# Support asec containers getting mounted
-allow file_type rootfs:filesystem associate;
-
-# Themes
-type themeservice_app_data_file, file_type, data_file_type;
-
-# Performance settings
-type sysfs_devices_system_iosched, file_type, sysfs_type;
-
-# Persistent property storage
-type persist_property_file, file_type;
-
-# Knobs for LiveDisplay
-type livedisplay_sysfs, sysfs_type, file_type;
-
-# Filesystems
-type exfat, sdcard_type, fs_type, mlstrustedobject;
-type ntfs, sdcard_type, fs_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
deleted file mode 100644
index 1e58f14..0000000
--- a/sepolicy/file_contexts
+++ /dev/null
@@ -1,52 +0,0 @@
-/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
-
-# Themes
-/data/system/theme(/.*)? u:object_r:themeservice_app_data_file:s0
-
-/system/bin/sysinit u:object_r:sysinit_exec:s0
-
-/system/etc/init\.d/90userinit u:object_r:userinit_exec:s0
-/data/local/userinit\.sh u:object_r:userinit_data_exec:s0
-
-# For EXFAT/F2FS/NTFS partitions marked "formattable"
-/system/bin/mkfs\.exfat u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.f2fs u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.ntfs u:object_r:mkfs_exec:s0
-
-# For minivold in recovery
-/sbin/minivold u:object_r:vold_exec:s0
-
-#############################
-# performance-related sysfs files (CM)
-/sys/devices/system/cpu.*/cpufreq(/.*)? u:object_r:sysfs_devices_system_cpu:s0
-/sys/block/mmcblk.*/queue/scheduler u:object_r:sysfs_devices_system_iosched:s0
-
-/data/hostapd(/.*)? u:object_r:wifi_data_file:s0
-
-#############
-# Superuser's control sockets
-/dev/socket/su-daemon(/.*)? u:object_r:superuser_device:s0
-
-# Expansion of these hooks is a bit unconventional
-/cache/com\.cyanogenmod\.keyhandler\.dex u:object_r:dalvikcache_data_file:s0
-
-# Lockscreen wallpaper
-/data/system/users/[0-9]+/keyguard_wallpaper u:object_r:wallpaper_file:s0
-
-# Persistent properties
-/persist/properties(/.*)? u:object_r:persist_property_file:s0
-
-# LiveDisplay
-/sys/devices/virtual/graphics/fb0/aco u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/cabc u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/hbm u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/rgb u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/sre u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/color_enhance u:object_r:livedisplay_sysfs:s0
-
-# fsck
-/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
-/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
-
-# bash
-/system/xbin/bash u:object_r:shell_exec:s0
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
deleted file mode 100644
index 5d12f76..0000000
--- a/sepolicy/fsck_untrusted.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# External storage
-allow fsck_untrusted self:capability sys_admin;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
deleted file mode 100644
index b5652a2..0000000
--- a/sepolicy/genfs_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-genfscon fuseblk / u:object_r:fuseblk:s0
-genfscon exfat / u:object_r:exfat:s0
-genfscon ntfs / u:object_r:ntfs:s0
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
deleted file mode 100644
index 4711cf5..0000000
--- a/sepolicy/healthd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow healthd self:capability { dac_override dac_read_search };
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
deleted file mode 100644
index 8a70f14..0000000
--- a/sepolicy/hostapd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hostapd netd:unix_dgram_socket sendto;
diff --git a/sepolicy/init.te b/sepolicy/init.te
deleted file mode 100644
index eaf9cae..0000000
--- a/sepolicy/init.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Allow formatting userdata or cache partitions
-allow init block_device:dir search;
-allow init userdata_block_device:blk_file rw_file_perms;
-allow init cache_block_device:blk_file rw_file_perms;
-
-# Allow init to send class_* trigger events
-allow init property_socket:sock_file write;
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
deleted file mode 100644
index fc38117..0000000
--- a/sepolicy/installd.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Allow querying of asec size on SD card
-allow installd sdcard_type:dir { search };
-allow installd sdcard_type:file { getattr };
-
-# Required for installd to create theme service's /data/data directory
-allow installd themeservice_app_data_file:dir { create_dir_perms relabelfrom relabelto };
-allow installd themeservice_app_data_file:lnk_file { create_file_perms relabelfrom relabelto };
-allow installd themeservice_app_data_file:{ file sock_file fifo_file } { getattr unlink rename relabelfrom relabelto setattr };
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
deleted file mode 100644
index b944a75..0000000
--- a/sepolicy/kernel.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# used by sdcardfs to read package list
-allow kernel system_data_file:file open;
diff --git a/sepolicy/livedisplay.te b/sepolicy/livedisplay.te
deleted file mode 100644
index a260e07..0000000
--- a/sepolicy/livedisplay.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Various knobs used by LiveDisplay
-allow system_server livedisplay_sysfs:file rw_file_perms;
diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml
deleted file mode 100644
index f70b722..0000000
--- a/sepolicy/mac_permissions.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policy>
-
-<!-- Most Google-authored apps -->
- <signer signature="308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a" >
- <!-- This should probably be refined, but it's a ton of them -->
- <allow-all />
- <!-- We should only add the exact key + package name, rather then giving this to all gapps -->
- <seinfo value="release" />
- </signer>
-
- <!-- Youtube -->
- <signer signature="30820252308201bb02044934987e300d06092a864886f70d01010405003070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e301e170d3038313230323032303735385a170d3336303431393032303735385a3070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e30819f300d06092a864886f70d010101050003818d00308189028181009f48031990f9b14726384e0453d18f8c0bbf8dc77b2504a4b1207c4c6c44babc00adc6610fa6b6ab2da80e33f2eef16b26a3f6b85b9afaca909ffbbeb3f4c94f7e8122a798e0eba75ced3dd229fa7365f41516415aa9c1617dd583ce19bae8a0bbd885fc17a9b4bd2640805121aadb9377deb40013381418882ec52282fc580d0203010001300d06092a864886f70d0101040500038181004086669ed631da4384ddd061d226e073b98cc4b99df8b5e4be9e3cbe97501e83df1c6fa959c0ce605c4fd2ac6d1c84cede20476cbab19be8f2203aff7717ad652d8fcc890708d1216da84457592649e0e9d3c4bb4cf58da19db1d4fc41bcb9584f64e65f410d0529fd5b68838c141d0a9bd1db1191cb2a0df790ea0cb12db3a4" >
- <allow-all />
- <seinfo value="release" />
- </signer>
-
- <!-- CMUpdater -->
- <signer signature="@RELEASE" >
- <package name="com.cyanogenmod.updater" >
- <seinfo value="cmupdater" />
- </package>
- </signer>
-
- <!-- ThemeManagerService -->
- <signer signature="@RELEASE" >
- <package name="org.cyanogenmod.themeservice" >
- <seinfo value="themeservice" />
- </package>
- </signer>
-</policy>
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
deleted file mode 100644
index 62ed0b7..0000000
--- a/sepolicy/mediaserver.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Themed resources (i.e. composed icons)
-allow mediaserver themeservice_app_data_file:dir r_dir_perms;
-allow mediaserver themeservice_app_data_file:file r_file_perms;
diff --git a/sepolicy/mkfs.te b/sepolicy/mkfs.te
deleted file mode 100644
index fe7c61b..0000000
--- a/sepolicy/mkfs.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type mkfs, domain;
-type mkfs_exec, exec_type, file_type;
-
-init_daemon_domain(mkfs)
-
-# Allow formatting userdata or cache partitions
-allow mkfs block_device:dir search;
-allow mkfs userdata_block_device:blk_file rw_file_perms;
-allow mkfs cache_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
deleted file mode 100644
index 9a0de3f..0000000
--- a/sepolicy/netd.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow netd self:capability { setuid sys_module setgid };
-allow netd self:packet_socket create_socket_perms;
-allow netd radio_data_file:dir rw_dir_perms;
-allow netd radio_data_file:file create_file_perms;
-allow netd wpa_socket:dir rw_dir_perms;
-allow netd wpa_socket:sock_file create_file_perms;
-allow netd system_wpa_socket:sock_file create_file_perms;
-allow netd hostapd:unix_dgram_socket sendto;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
deleted file mode 100644
index 40a90e4..0000000
--- a/sepolicy/priv_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow priv_app system_app_data_file:file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index ca257a3..0000000
--- a/sepolicy/property.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type adbtcp_prop, property_type;
-type recovery_prop, property_type;
-type userinit_prop, property_type;
-type adbsecure_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index 98c863e..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-adb.network.port u:object_r:adbtcp_prop:s0
-recovery.perf.mode u:object_r:recovery_prop:s0
-ro.adb.secure u:object_r:adbsecure_prop:s0
-cm.userinit.active u:object_r:userinit_prop:s0
diff --git a/sepolicy/qcom/adbd.te b/sepolicy/qcom/adbd.te
deleted file mode 100644
index d610917..0000000
--- a/sepolicy/qcom/adbd.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# Allow pulling various binaries without root
-# (cause we're awesome like that)
-
-allow adbd adsprpcd_exec:file r_file_perms;
-allow adbd location_exec:file r_file_perms;
-allow adbd mm-qcamerad_exec:file r_file_perms;
-allow adbd mpdecision_exec:file r_file_perms;
-allow adbd perfd_exec:file r_file_perms;
-allow adbd rfs_access_exec:file r_file_perms;
-allow adbd rmt_storage_exec:file r_file_perms;
-allow adbd sensors_exec:file r_file_perms;
-allow adbd tee_exec:file r_file_perms;
-allow adbd thermal-engine_exec:file r_file_perms;
-allow adbd time_daemon_exec:file r_file_perms;
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
deleted file mode 100644
index 4b4ca71..0000000
--- a/sepolicy/qcom/bootanim.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow bootanim mpctl_socket:dir search;
-unix_socket_connect(bootanim, mpctl, perfd)
-unix_socket_send(bootanim, mpctl, perfd)
-
-allow bootanim mpdecision:dir search;
-allow bootanim mpdecision:file r_file_perms;
-unix_socket_connect(bootanim, mpctl, mpdecision)
-unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/device.te b/sepolicy/qcom/device.te
deleted file mode 100644
index 9e49627..0000000
--- a/sepolicy/qcom/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type persist_block_device, dev_type;
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
deleted file mode 100644
index 5af099f..0000000
--- a/sepolicy/qcom/domain.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow domain persist_file:dir getattr;
-allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/dumpstate.te b/sepolicy/qcom/dumpstate.te
deleted file mode 100644
index 560ad1e..0000000
--- a/sepolicy/qcom/dumpstate.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# For prefetcher to read themes
-allow dumpstate dalvikcache_data_file:dir r_dir_perms;
-allow dumpstate dalvikcache_data_file:file r_file_perms;
-allow dumpstate resourcecache_data_file:dir r_dir_perms;
-allow dumpstate resourcecache_data_file:file r_file_perms;
-allow dumpstate fuse:dir r_dir_perms;
-allow dumpstate fuse:file r_file_perms;
-allow dumpstate themeservice_app_data_file:dir r_dir_perms;
-allow dumpstate themeservice_app_data_file:file r_file_perms;
-allow dumpstate media_rw_data_file:dir search;
-allow dumpstate wcnss_service_exec:file rx_file_perms;
diff --git a/sepolicy/qcom/livedisplay.te b/sepolicy/qcom/livedisplay.te
deleted file mode 100644
index 394caa3..0000000
--- a/sepolicy/qcom/livedisplay.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Storage of default mode by native API
-allow system_server display_misc_file:dir rw_dir_perms;
-allow system_server display_misc_file:file create_file_perms;
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
deleted file mode 100644
index 9399b32..0000000
--- a/sepolicy/qcom/mpdecision.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
-unix_socket_connect(mpdecision, thermal, thermal-engine)
-
-# read /proc/pid files
-r_dir_file(mpdecision, domain)
diff --git a/sepolicy/qcom/perfd.te b/sepolicy/qcom/perfd.te
deleted file mode 100644
index dd11d84..0000000
--- a/sepolicy/qcom/perfd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow perfd sysfs_devices_system_iosched:file rw_file_perms;
-
-# read mediaserver status
-allow perfd mediaserver:file { read open };
-
-#cm extra opts
-unix_socket_connect(perfd, thermal, thermal-engine)
diff --git a/sepolicy/qcom/perfprofd.te b/sepolicy/qcom/perfprofd.te
deleted file mode 100644
index 0975625..0000000
--- a/sepolicy/qcom/perfprofd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# perfprofd disables mpdecision temporarily via setprop ctl.stop,
-# then re-enables afterwards with setprop ctl.start
-userdebug_or_eng(`
- set_prop(perfprofd, mpdecision_prop)
-')
diff --git a/sepolicy/qcom/property_contexts b/sepolicy/qcom/property_contexts
deleted file mode 100644
index 9bf4898..0000000
--- a/sepolicy/qcom/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-persist.dbg u:object_r:radio_prop:s0
-persist.data u:object_r:radio_prop:s0
diff --git a/sepolicy/qcom/sepolicy.mk b/sepolicy/qcom/sepolicy.mk
deleted file mode 100644
index d0e851f..0000000
--- a/sepolicy/qcom/sepolicy.mk
+++ /dev/null
@@ -1,2 +0,0 @@
-BOARD_SEPOLICY_DIRS += \
- vendor/lineage/sepolicy/qcom
diff --git a/sepolicy/qcom/system_server.te b/sepolicy/qcom/system_server.te
deleted file mode 100644
index 3239c2d..0000000
--- a/sepolicy/qcom/system_server.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# LiveDisplay access to color calibration
-allow system_server pps_socket:sock_file rw_file_perms;
-allow system_server mm-pp-daemon:unix_stream_socket connectto;
-
-# Time services
-allow system_server time_daemon:unix_stream_socket connectto;
-
-#allow reading of usb sysfs to query hvdcp state
-allow system_server sysfs_usb_supply:dir { search };
-allow system_server sysfs_usb_supply:file r_file_perms;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
deleted file mode 100644
index 8f8967e..0000000
--- a/sepolicy/qcom/thermal-engine.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
-r_dir_file(thermal-engine, sysfs_rqstats);
-
-allow thermal-engine sysfs_battery_supply:file rw_file_perms;
-allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
-
-allow thermal-engine self:capability { net_admin } ;
diff --git a/sepolicy/qcom/vold.te b/sepolicy/qcom/vold.te
deleted file mode 100644
index 9893108..0000000
--- a/sepolicy/qcom/vold.te
+++ /dev/null
@@ -1 +0,0 @@
-allow vold persist_file:dir { getattr read open ioctl };
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
deleted file mode 100644
index 708d9b6..0000000
--- a/sepolicy/recovery.te
+++ /dev/null
@@ -1,53 +0,0 @@
-recovery_only(`
-
-# Secure adb (setup_adbd)
-allow adbd adb_keys_file:dir search;
-allow recovery adb_keys_file:dir r_dir_perms;
-allow recovery adb_keys_file:file r_file_perms;
-allow recovery shell_prop:property_service set;
-
-# Recovery dialogs
-unix_socket_connect(recovery, vold, vold)
-allow recovery tmpfs:sock_file create_file_perms;
-
-# Read packages.xml
-#allow recovery system_data_file:file r_file_perms;
-
-# Manage fstab and /adb_keys
-#allow recovery rootfs:file create_file_perms;
-#allow recovery rootfs:file link;
-#allow recovery rootfs:dir { write create rmdir add_name remove_name };
-
-# Read storage files and directories
-allow recovery tmpfs:dir mounton;
-allow recovery media_rw_data_file:dir r_dir_perms;
-allow recovery media_rw_data_file:file r_file_perms;
-allow recovery vfat:dir r_dir_perms;
-allow recovery vfat:file r_file_perms;
-allow recovery sdcard_type:dir r_dir_perms;
-allow recovery sdcard_type:file r_file_perms;
-
-# Control properties
-allow recovery recovery_prop:property_service set;
-
-# Set property sys.usb.ffs.ready
-allow recovery ffs_prop:property_service set;
-
-# recursive rm for wipes... :(
-#allow app_data_file self:filesystem associate;
-#allow recovery app_data_file:file { read open create write };
-#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
-
-#allow recovery file_type:dir { rw_dir_perms rmdir };
-#allow recovery file_type:notdevfile_class_set { unlink getattr };
-# wipe saves and restores the layout version
-#allow recovery install_data_file:file create_file_perms;
-#allow recovery system_data_file:file create_file_perms;
-
-# /cache/recovery things: command and logs
-allow recovery cache_recovery_file:dir create_dir_perms;
-allow recovery cache_recovery_file:file create_file_perms;
-
-# set system properties for various things
-allow recovery system_prop:property_service set;
-')
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
deleted file mode 100644
index 215f108..0000000
--- a/sepolicy/seapp_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-#user=theme_man domain=system_app type=system_data_file
-#user=_app seinfo=cmupdater name=com.cyanogenmod.updater domain=system_app type=system_app_data_file
-user=_app seinfo=themeservice name=org.cyanogenmod.themeservice domain=themeservice_app type=themeservice_app_data_file
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
deleted file mode 100644
index a2ac999..0000000
--- a/sepolicy/sepolicy.mk
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# This policy configuration will be used by all products that
-# inherit from CM
-#
-
-BOARD_SEPOLICY_DIRS += \
- vendor/lineage/sepolicy
diff --git a/sepolicy/service.te b/sepolicy/service.te
deleted file mode 100644
index c7ad50f..0000000
--- a/sepolicy/service.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type edge_gesture_service, system_api_service, system_server_service, service_manager_type;
-type themes_service, system_api_service, system_server_service, service_manager_type;
-type torch_service, system_api_service, system_server_service, service_manager_type;
-type kill_switch_service, system_api_service, system_server_service, service_manager_type;
-type cm_status_bar_service, system_api_service, system_server_service, service_manager_type;
-type cm_profile_service, system_api_service, system_server_service, service_manager_type;
-type cm_partner_interface, system_api_service, system_server_service, service_manager_type;
-type cm_telephony_service, system_api_service, system_server_service, service_manager_type;
-type cm_hardware_service, system_api_service, system_server_service, service_manager_type;
-type cm_app_suggest_service, system_api_service, system_server_service, service_manager_type;
-type cm_performance_service, system_api_service, system_server_service, service_manager_type;
-type cm_themes_service, system_api_service, system_server_service, service_manager_type;
-type cm_iconcache_service, system_api_service, system_server_service, service_manager_type;
-type cm_livelockscreen_service, system_api_service, system_server_service, service_manager_type;
-type cm_weather_service, system_api_service, system_server_service, service_manager_type;
-type cm_livedisplay_service, system_api_service, system_server_service, service_manager_type;
-type cm_audio_service, system_api_service, system_server_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
deleted file mode 100644
index 90f21c9..0000000
--- a/sepolicy/service_contexts
+++ /dev/null
@@ -1,17 +0,0 @@
-edgegestureservice u:object_r:edge_gesture_service:s0
-themes u:object_r:themes_service:s0
-torch u:object_r:torch_service:s0
-killswitch u:object_r:kill_switch_service:s0
-cmstatusbar u:object_r:cm_status_bar_service:s0
-profile u:object_r:cm_profile_service:s0
-cmpartnerinterface u:object_r:cm_partner_interface:s0
-cmtelephonymanager u:object_r:cm_telephony_service:s0
-cmhardware u:object_r:cm_hardware_service:s0
-cmappsuggest u:object_r:cm_app_suggest_service:s0
-cmperformance u:object_r:cm_performance_service:s0
-cmthemes u:object_r:cm_themes_service:s0
-cmiconcache u:object_r:cm_iconcache_service:s0
-cmlivelockscreen u:object_r:cm_livelockscreen_service:s0
-cmweather u:object_r:cm_weather_service:s0
-cmlivedisplay u:object_r:cm_livedisplay_service:s0
-cmaudio u:object_r:cm_audio_service:s0
diff --git a/sepolicy/su.te b/sepolicy/su.te
deleted file mode 100644
index 1a2a2b3..0000000
--- a/sepolicy/su.te
+++ /dev/null
@@ -1,72 +0,0 @@
-type superuser_device, file_type, mlstrustedobject;
-
-## Perms for the daemon
-
-userdebug_or_eng(`
- domain_trans(init, su_exec, sudaemon)
-
- typeattribute sudaemon domain, mlstrustedsubject;
-
- type_transition sudaemon socket_device:sock_file superuser_device;
- # The userspace app uses /dev sockets to control per-app access
- allow sudaemon superuser_device:dir { create rw_dir_perms setattr unlink };
- allow sudaemon superuser_device:sock_file { create setattr unlink write };
-
- # sudaemon is also permissive to permit setenforce.
- permissive sudaemon;
-
- # Add sudaemon to various domains
- net_domain(sudaemon)
- app_domain(sudaemon)
-
- dontaudit sudaemon self:capability_class_set *;
- dontaudit sudaemon kernel:security *;
- dontaudit sudaemon kernel:system *;
- dontaudit sudaemon self:memprotect *;
- dontaudit sudaemon domain:process *;
- dontaudit sudaemon domain:fd *;
- dontaudit sudaemon domain:dir *;
- dontaudit sudaemon domain:lnk_file *;
- dontaudit sudaemon domain:{ fifo_file file } *;
- dontaudit sudaemon domain:socket_class_set *;
- dontaudit sudaemon domain:ipc_class_set *;
- dontaudit sudaemon domain:key *;
- dontaudit sudaemon fs_type:filesystem *;
- dontaudit sudaemon {fs_type dev_type file_type}:dir_file_class_set *;
- dontaudit sudaemon node_type:node *;
- dontaudit sudaemon node_type:{ tcp_socket udp_socket rawip_socket } *;
- dontaudit sudaemon netif_type:netif *;
- dontaudit sudaemon port_type:socket_class_set *;
- dontaudit sudaemon port_type:{ tcp_socket dccp_socket } *;
- dontaudit sudaemon domain:peer *;
- dontaudit sudaemon domain:binder *;
- dontaudit sudaemon property_type:property_service *;
- dontaudit sudaemon appops_service:service_manager *;
-')
-
-## Perms for the app
-
-userdebug_or_eng(`
- # Translate user apps to the shell domain when using su
- #
- # PR_SET_NO_NEW_PRIVS blocks this :(
- # we need to find a way to narrow this down to the actual exec.
- # typealias shell alias suclient;
- # domain_auto_trans(untrusted_app, su_exec, suclient)
-
- allow untrusted_app su_exec:file { execute_no_trans getattr open read execute };
- allow untrusted_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
- allow untrusted_app superuser_device:dir { r_dir_perms };
- allow untrusted_app superuser_device:sock_file { write };
-
-
- # For Settings control of access
- allow system_app superuser_device:sock_file { read write create setattr unlink getattr };
- allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
- allow system_app superuser_device:dir { create rw_dir_perms setattr unlink };
-
- allow kernel sudaemon:fd { use };
-
-')
-
-neverallow { domain userdebug_or_eng(`-dumpstate -shell -su -untrusted_app -init -sudaemon') } su_exec:file no_x_file_perms;
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
deleted file mode 100644
index 1a451a3..0000000
--- a/sepolicy/sysinit.te
+++ /dev/null
@@ -1,23 +0,0 @@
-type sysinit, domain;
-type sysinit_exec, exec_type, file_type;
-
-init_daemon_domain(sysinit)
-
-#============= sysinit ==============
-allow sysinit devpts:chr_file { rw_file_perms };
-allow sysinit shell_exec:file { rx_file_perms };
-allow sysinit system_file:file { rx_file_perms };
-allow sysinit system_file:dir { r_dir_perms };
-allow sysinit toolbox_exec:file { rx_file_perms };
-allow sysinit self:process setcurrent;
-
-userdebug_or_eng(`
- allow sysinit userinit_data_exec:file { r_file_perms relabelto };
- allow sysinit property_socket:sock_file write;
- allow sysinit init:unix_stream_socket connectto;
- allow sysinit userinit_prop:property_service set;
- allow sysinit sysfs:file rw_file_perms;
- allow sysinit sysfs_devices_system_cpu:file write;
- allow sysinit self:capability dac_override;
- allow sysinit userinit_exec:file { rx_file_perms };
-')
diff --git a/sepolicy/system.te b/sepolicy/system.te
deleted file mode 100644
index a9831b6..0000000
--- a/sepolicy/system.te
+++ /dev/null
@@ -1,13 +0,0 @@
-allow system_server wallpaper_file:file relabelto;
-
-# allow adb related properties to be set
-allow system_server adbtcp_prop:property_service set;
-
-allow system_server dhcp_data_file:dir r_dir_perms;
-allow system_server dhcp_data_file:file r_file_perms;
-
-# Themes
-allow system_server themeservice_app_data_file:dir create_dir_perms;
-allow system_server themeservice_app_data_file:file create_file_perms;
-allow system_server resourcecache_data_file:dir create_dir_perms;
-allow system_server resourcecache_data_file:file create_file_perms;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
deleted file mode 100644
index d24b10e..0000000
--- a/sepolicy/system_app.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# For the updaters
-allow system_app cache_recovery_file:dir create_dir_perms;
-allow system_app cache_recovery_file:file create_file_perms;
-allow system_app media_rw_data_file:dir create_dir_perms;
-allow system_app media_rw_data_file:file create_file_perms;
-
-# Boot animation
-allow system_app ctl_bootanim_prop:property_service set;
-
-# Settings app wants to read ro.adb.secure
-get_prop(system_app, adbsecure_prop)
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
deleted file mode 100644
index f88353a..0000000
--- a/sepolicy/system_server.te
+++ /dev/null
@@ -1,17 +0,0 @@
-allow system_server cache_recovery_file:dir rw_dir_perms;
-allow system_server cache_recovery_file:file create_file_perms;
-allow system_server cache_recovery_file:fifo_file create_file_perms;
-
-# Persistent properties
-allow system_server persist_property_file:dir rw_dir_perms;
-allow system_server persist_property_file:file { create_file_perms unlink };
-
-allow system_server storage_stub_file:dir { getattr };
-
-allow system_server media_rw_data_file:dir r_dir_perms;
-
-get_prop(system_server, adbsecure_prop)
-
-# Allow system_server to relabel newly created theme directory for
-# use by the proxied theme service
-allow system_server themeservice_app_data_file:dir relabelto;
diff --git a/sepolicy/themeservice_app.te b/sepolicy/themeservice_app.te
deleted file mode 100644
index aaa84ab..0000000
--- a/sepolicy/themeservice_app.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# Add themeservice_app to appdomain
-type themeservice_app, domain;
-app_domain(themeservice_app)
-
-# Theme manager service
-allow themeservice_app activity_service:service_manager find;
-allow themeservice_app cm_status_bar_service:service_manager find;
-allow themeservice_app cm_themes_service:dir search;
-allow themeservice_app connectivity_service:service_manager find;
-allow themeservice_app display_service:service_manager find;
-allow themeservice_app mount_service:service_manager find;
-allow themeservice_app notification_service:service_manager find;
-allow themeservice_app system_app_data_file:dir search;
-allow themeservice_app user_service:service_manager find;
-allow themeservice_app wallpaper_service:service_manager find;
-
-# Allow full access to themeservice_app_data_file
-allow themeservice_app themeservice_app_data_file:dir create_dir_perms;
-allow themeservice_app themeservice_app_data_file:file create_file_perms;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
deleted file mode 100644
index 396e266..0000000
--- a/sepolicy/ueventd.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# ueventd needs to relabel files that pop in and out of sysfs
-allow ueventd sysfs:file relabelfrom;
-
-# ueventd will set permissions on cpufreq nodes
-allow ueventd sysfs_devices_system_cpu:file setattr;
-
-# ueventd loads wifi firmware on a ton of devices
-allow ueventd wifi_data_file:dir r_dir_perms;
-allow ueventd wifi_data_file:file r_file_perms;
-
-# ueventd loads audio firmware on many devices
-allow ueventd audio_data_file:dir r_dir_perms;
-allow ueventd audio_data_file:file r_file_perms;
diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te
deleted file mode 100644
index ca4f8ad..0000000
--- a/sepolicy/uncrypt.te
+++ /dev/null
@@ -1,9 +0,0 @@
-r_dir_file(uncrypt, media_rw_data_file)
-allow uncrypt cache_recovery_file:dir create_dir_perms;
-allow uncrypt cache_recovery_file:file create_file_perms;
-allow uncrypt cache_recovery_file:fifo_file rw_file_perms;
-
-allow uncrypt storage_file:dir r_dir_perms;
-allow uncrypt storage_stub_file:dir r_dir_perms;
-allow uncrypt fuse:dir r_dir_perms;
-allow uncrypt fuse:file r_file_perms;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
deleted file mode 100644
index 2372f16..0000000
--- a/sepolicy/untrusted_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow untrusted_app cm_weather_service:service_manager find;
-allow untrusted_app cm_status_bar_service:service_manager find;
-allow untrusted_app cm_profile_service:service_manager find;
diff --git a/sepolicy/userinit.te b/sepolicy/userinit.te
deleted file mode 100644
index 7407287..0000000
--- a/sepolicy/userinit.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type userinit_exec, exec_type, file_type;
-type userinit_data_exec, file_type;
-
-allow userinit_exec userinit_prop:property_service set;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
deleted file mode 100644
index 63e72d7..0000000
--- a/sepolicy/vold.te
+++ /dev/null
@@ -1,23 +0,0 @@
-domain_trans(init, rootfs, vold)
-
-# Allow vold to manage ASEC
-allow vold sdcard_type:file create_file_perms;
-allow vold vold_tmpfs:file create_file_perms;
-
-# Allow vold to access fuse for fuse-based fs
-allow vold fuseblk:chr_file rw_file_perms;
-
-# NTFS-3g wants to drop permission
-allow vold self:capability { setgid setuid };
-
-# Vold can also run as minivold in the rootfs
-recovery_only(`
- allow vold rootfs:dir { add_name write };
- allow vold rootfs:file execute_no_trans;
- allow vold vold_tmpfs:file link;
-')
-
-# External storage
-allow vold storage_stub_file:dir { rw_file_perms search add_name };
-allow vold mnt_media_rw_stub_file:dir r_dir_perms;
-allow vold mkfs_exec:file { execute read open getattr execute_no_trans };
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
deleted file mode 100644
index 951f414..0000000
--- a/sepolicy/zygote.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow zygote themeservice_app_data_file:file r_file_perms;
-allow zygote themeservice_app_data_file:dir r_dir_perms;
-
-# ps command may do this
-allow untrusted_app zygote:process getsched;