Remove useless su things
Signed-off-by: Alberto97 <albertop2197@gmail.com>
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 3e91ace..7cffe51 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -15,9 +15,5 @@
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
#############
-# Superuser's control sockets
-/dev/com.android.settings.daemon(/.*)? u:object_r:superuser_device:s0
-/dev/com.android.settings(/.*)? u:object_r:superuser_device:s0
-
# Expansion of these hooks is a bit unconventional
/cache/com.cyanogenmod.keyhandler.dex u:object_r:dalvikcache_data_file:s0
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 2eb8b9e..b43476b 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -20,7 +20,6 @@
netd.te \
property.te \
shell.te \
- su.te \
sysinit.te \
system.te \
ueventd.te \
diff --git a/sepolicy/su.te b/sepolicy/su.te
deleted file mode 100644
index 8e63b2f..0000000
--- a/sepolicy/su.te
+++ /dev/null
@@ -1,64 +0,0 @@
-type superuser_device, file_type;
-
-## Perms for the daemon
-
-type sudaemon, domain;
-
-userdebug_or_eng(`
- domain_trans(init, su_exec, sudaemon)
- # The userspace app uses /dev sockets to control per-app access
- allow sudaemon superuser_device:dir { create rw_dir_perms setattr unlink };
- allow sudaemon superuser_device:sock_file { create setattr unlink write };
-
- # sudaemon is also permissive to permit setenforce.
- permissive sudaemon;
-
- # Add sudaemon to various domains
- net_domain(sudaemon)
- app_domain(sudaemon)
-
- dontaudit sudaemon self:capability_class_set *;
- dontaudit sudaemon kernel:security *;
- dontaudit sudaemon kernel:system *;
- dontaudit sudaemon self:memprotect *;
- dontaudit sudaemon domain:process *;
- dontaudit sudaemon domain:fd *;
- dontaudit sudaemon domain:dir *;
- dontaudit sudaemon domain:lnk_file *;
- dontaudit sudaemon domain:{ fifo_file file } *;
- dontaudit sudaemon domain:socket_class_set *;
- dontaudit sudaemon domain:ipc_class_set *;
- dontaudit sudaemon domain:key *;
- dontaudit sudaemon fs_type:filesystem *;
- dontaudit sudaemon {fs_type dev_type file_type}:dir_file_class_set *;
- dontaudit sudaemon node_type:node *;
- dontaudit sudaemon node_type:{ tcp_socket udp_socket rawip_socket } *;
- dontaudit sudaemon netif_type:netif *;
- dontaudit sudaemon port_type:socket_class_set *;
- dontaudit sudaemon port_type:{ tcp_socket dccp_socket } *;
- dontaudit sudaemon domain:peer *;
- dontaudit sudaemon domain:binder *;
- dontaudit sudaemon property_type:property_service *;
-')
-
-## Perms for the app
-
-userdebug_or_eng(`
- # Translate user apps to the shell domain when using su
- #
- # PR_SET_NO_NEW_PRIVS blocks this :(
- # we need to find a way to narrow this down to the actual exec.
- # typealias shell alias suclient;
- # domain_auto_trans(untrusted_app, su_exec, suclient)
-
- allow untrusted_app su_exec:file { execute_no_trans getattr open read execute };
- allow untrusted_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
- allow untrusted_app superuser_device:dir { r_dir_perms };
- allow untrusted_app superuser_device:sock_file { write };
-
-
- # For Settings control of access
- allow system_app superuser_device:sock_file { read write create setattr unlink getattr };
- allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
- allow system_app superuser_device:dir { create rw_dir_perms setattr unlink };
-')