vendor:bliss: Kill sepolicies
Change-Id: Ieb72cc33eebc328e2037941bc08484630a813f0d
Signed-off-by: nilac8991 <nilac8991@gmail.com>
diff --git a/sepolicy/adbd.te b/sepolicy/adbd.te
deleted file mode 100644
index 80627d6..0000000
--- a/sepolicy/adbd.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(adbd, adbsecure_prop)
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
deleted file mode 100644
index e05768e..0000000
--- a/sepolicy/domain.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow domain block_device:dir { search getattr };
-allow domain block_device:blk_file getattr;
-allow domain cache_block_device:blk_file getattr;
-allow domain userdata_block_device:blk_file getattr;
diff --git a/sepolicy/file.te b/sepolicy/file.te
deleted file mode 100644
index 2bf0cab..0000000
--- a/sepolicy/file.te
+++ /dev/null
@@ -1,15 +0,0 @@
-# Support asec containers getting mounted
-allow file_type rootfs:filesystem associate;
-
-# Performance settings
-type sysfs_devices_system_iosched, file_type, sysfs_type;
-
-# Persistent property storage
-type persist_property_file, file_type;
-
-# Knobs for LiveDisplay
-type livedisplay_sysfs, sysfs_type, file_type;
-
-# Filesystems
-type exfat, sdcard_type, fs_type, mlstrustedobject;
-type ntfs, sdcard_type, fs_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
deleted file mode 100644
index 67e4895..0000000
--- a/sepolicy/file_contexts
+++ /dev/null
@@ -1,38 +0,0 @@
-/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
-
-/system/bin/sysinit u:object_r:sysinit_exec:s0
-
-# For EXFAT/F2FS/NTFS partitions marked "formattable"
-/system/bin/mkfs\.exfat u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.f2fs u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.ntfs u:object_r:mkfs_exec:s0
-
-# For minivold in recovery
-/sbin/minivold u:object_r:vold_exec:s0
-
-/system/etc/init.d/90userinit u:object_r:userinit_exec:s0
-/data/local/userinit.sh u:object_r:userinit_data_exec:s0
-
-#############################
-# performance-related sysfs files (CM)
-/sys/devices/system/cpu.*/cpufreq(/.*)? -- u:object_r:sysfs_devices_system_cpu:s0
-/sys/block/mmcblk.*/queue/scheduler -- u:object_r:sysfs_devices_system_iosched:s0
-
-/data/hostapd(/.*)? u:object_r:wifi_data_file:s0
-
-#############
-# Expansion of these hooks is a bit unconventional
-/cache/com.cyanogenmod.keyhandler.dex u:object_r:dalvikcache_data_file:s0
-
-# Persistent properties
-/persist/properties(/.*)? u:object_r:persist_property_file:s0
-
-# LiveDisplay
-/sys/devices/virtual/graphics/fb0/aco u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/cabc u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/rgb u:object_r:livedisplay_sysfs:s0
-/sys/devices/virtual/graphics/fb0/sre u:object_r:livedisplay_sysfs:s0
-
-# fsck
-/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
-/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
deleted file mode 100644
index 5d12f76..0000000
--- a/sepolicy/fsck_untrusted.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# External storage
-allow fsck_untrusted self:capability sys_admin;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
deleted file mode 100644
index b5652a2..0000000
--- a/sepolicy/genfs_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-genfscon fuseblk / u:object_r:fuseblk:s0
-genfscon exfat / u:object_r:exfat:s0
-genfscon ntfs / u:object_r:ntfs:s0
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
deleted file mode 100644
index 4711cf5..0000000
--- a/sepolicy/healthd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow healthd self:capability { dac_override dac_read_search };
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
deleted file mode 100644
index 8a70f14..0000000
--- a/sepolicy/hostapd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hostapd netd:unix_dgram_socket sendto;
diff --git a/sepolicy/init.te b/sepolicy/init.te
deleted file mode 100644
index eaf9cae..0000000
--- a/sepolicy/init.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Allow formatting userdata or cache partitions
-allow init block_device:dir search;
-allow init userdata_block_device:blk_file rw_file_perms;
-allow init cache_block_device:blk_file rw_file_perms;
-
-# Allow init to send class_* trigger events
-allow init property_socket:sock_file write;
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
deleted file mode 100644
index 47f0c52..0000000
--- a/sepolicy/installd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allow querying of asec size on SD card
-allow installd sdcard_type:dir { search };
-allow installd sdcard_type:file { getattr };
diff --git a/sepolicy/livedisplay.te b/sepolicy/livedisplay.te
deleted file mode 100644
index a260e07..0000000
--- a/sepolicy/livedisplay.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Various knobs used by LiveDisplay
-allow system_server livedisplay_sysfs:file rw_file_perms;
diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml
deleted file mode 100644
index e91c6f4..0000000
--- a/sepolicy/mac_permissions.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policy>
-
-<!-- Most Google-authored apps -->
- <signer signature="308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a" >
- <!-- This should probably be refined, but it's a ton of them -->
- <allow-all />
- <!-- We should only add the exact key + package name, rather then giving this to all gapps -->
- <seinfo value="release" />
- </signer>
-
- <!-- Youtube -->
- <signer signature="30820252308201bb02044934987e300d06092a864886f70d01010405003070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e301e170d3038313230323032303735385a170d3336303431393032303735385a3070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e30819f300d06092a864886f70d010101050003818d00308189028181009f48031990f9b14726384e0453d18f8c0bbf8dc77b2504a4b1207c4c6c44babc00adc6610fa6b6ab2da80e33f2eef16b26a3f6b85b9afaca909ffbbeb3f4c94f7e8122a798e0eba75ced3dd229fa7365f41516415aa9c1617dd583ce19bae8a0bbd885fc17a9b4bd2640805121aadb9377deb40013381418882ec52282fc580d0203010001300d06092a864886f70d0101040500038181004086669ed631da4384ddd061d226e073b98cc4b99df8b5e4be9e3cbe97501e83df1c6fa959c0ce605c4fd2ac6d1c84cede20476cbab19be8f2203aff7717ad652d8fcc890708d1216da84457592649e0e9d3c4bb4cf58da19db1d4fc41bcb9584f64e65f410d0529fd5b68838c141d0a9bd1db1191cb2a0df790ea0cb12db3a4" >
- <allow-all />
- <seinfo value="release" />
- </signer>
-</policy>
diff --git a/sepolicy/mkfs.te b/sepolicy/mkfs.te
deleted file mode 100644
index fe7c61b..0000000
--- a/sepolicy/mkfs.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type mkfs, domain;
-type mkfs_exec, exec_type, file_type;
-
-init_daemon_domain(mkfs)
-
-# Allow formatting userdata or cache partitions
-allow mkfs block_device:dir search;
-allow mkfs userdata_block_device:blk_file rw_file_perms;
-allow mkfs cache_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
deleted file mode 100644
index 9a0de3f..0000000
--- a/sepolicy/netd.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow netd self:capability { setuid sys_module setgid };
-allow netd self:packet_socket create_socket_perms;
-allow netd radio_data_file:dir rw_dir_perms;
-allow netd radio_data_file:file create_file_perms;
-allow netd wpa_socket:dir rw_dir_perms;
-allow netd wpa_socket:sock_file create_file_perms;
-allow netd system_wpa_socket:sock_file create_file_perms;
-allow netd hostapd:unix_dgram_socket sendto;
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index ca257a3..0000000
--- a/sepolicy/property.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type adbtcp_prop, property_type;
-type recovery_prop, property_type;
-type userinit_prop, property_type;
-type adbsecure_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index 98c863e..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-adb.network.port u:object_r:adbtcp_prop:s0
-recovery.perf.mode u:object_r:recovery_prop:s0
-ro.adb.secure u:object_r:adbsecure_prop:s0
-cm.userinit.active u:object_r:userinit_prop:s0
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
deleted file mode 100644
index 4b4ca71..0000000
--- a/sepolicy/qcom/bootanim.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow bootanim mpctl_socket:dir search;
-unix_socket_connect(bootanim, mpctl, perfd)
-unix_socket_send(bootanim, mpctl, perfd)
-
-allow bootanim mpdecision:dir search;
-allow bootanim mpdecision:file r_file_perms;
-unix_socket_connect(bootanim, mpctl, mpdecision)
-unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/device.te b/sepolicy/qcom/device.te
deleted file mode 100644
index 9e49627..0000000
--- a/sepolicy/qcom/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type persist_block_device, dev_type;
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
deleted file mode 100644
index 5af099f..0000000
--- a/sepolicy/qcom/domain.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow domain persist_file:dir getattr;
-allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
deleted file mode 100644
index 9399b32..0000000
--- a/sepolicy/qcom/mpdecision.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
-unix_socket_connect(mpdecision, thermal, thermal-engine)
-
-# read /proc/pid files
-r_dir_file(mpdecision, domain)
diff --git a/sepolicy/qcom/perfd.te b/sepolicy/qcom/perfd.te
deleted file mode 100644
index dd11d84..0000000
--- a/sepolicy/qcom/perfd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow perfd sysfs_devices_system_iosched:file rw_file_perms;
-
-# read mediaserver status
-allow perfd mediaserver:file { read open };
-
-#cm extra opts
-unix_socket_connect(perfd, thermal, thermal-engine)
diff --git a/sepolicy/qcom/sepolicy.mk b/sepolicy/qcom/sepolicy.mk
deleted file mode 100644
index fd4da4c..0000000
--- a/sepolicy/qcom/sepolicy.mk
+++ /dev/null
@@ -1,2 +0,0 @@
-BOARD_SEPOLICY_DIRS += \
- vendor/bliss/sepolicy/qcom
diff --git a/sepolicy/qcom/system_server.te b/sepolicy/qcom/system_server.te
deleted file mode 100644
index 362bd4f..0000000
--- a/sepolicy/qcom/system_server.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# LiveDisplay access to color calibration
-allow system_server pps_socket:sock_file rw_file_perms;
-allow system_server mm-pp-daemon:unix_stream_socket connectto;
-
-# Time services
-allow system_server time_daemon:unix_stream_socket connectto;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
deleted file mode 100644
index 8f8967e..0000000
--- a/sepolicy/qcom/thermal-engine.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
-r_dir_file(thermal-engine, sysfs_rqstats);
-
-allow thermal-engine sysfs_battery_supply:file rw_file_perms;
-allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
-
-allow thermal-engine self:capability { net_admin } ;
diff --git a/sepolicy/qcom/vold.te b/sepolicy/qcom/vold.te
deleted file mode 100644
index 9893108..0000000
--- a/sepolicy/qcom/vold.te
+++ /dev/null
@@ -1 +0,0 @@
-allow vold persist_file:dir { getattr read open ioctl };
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
deleted file mode 100644
index bc53de6..0000000
--- a/sepolicy/recovery.te
+++ /dev/null
@@ -1,49 +0,0 @@
-recovery_only(`
-
-# Secure adb (setup_adbd)
-allow adbd adb_keys_file:dir search;
-allow recovery adb_keys_file:dir r_dir_perms;
-allow recovery adb_keys_file:file r_file_perms;
-allow recovery shell_prop:property_service set;
-
-# Recovery dialogs
-unix_socket_connect(recovery, vold, vold)
-allow recovery tmpfs:sock_file create_file_perms;
-
-# Read packages.xml
-#allow recovery system_data_file:file r_file_perms;
-
-# Manage fstab and /adb_keys
-#allow recovery rootfs:file create_file_perms;
-#allow recovery rootfs:file link;
-#allow recovery rootfs:dir { write create rmdir add_name remove_name };
-
-# Read storage files and directories
-allow recovery media_rw_data_file:dir r_dir_perms;
-allow recovery media_rw_data_file:file r_file_perms;
-allow recovery vfat:dir r_dir_perms;
-allow recovery vfat:file r_file_perms;
-allow recovery sdcard_type:dir r_dir_perms;
-allow recovery sdcard_type:file r_file_perms;
-
-# Control properties
-allow recovery recovery_prop:property_service set;
-
-# recursive rm for wipes... :(
-#allow app_data_file self:filesystem associate;
-#allow recovery app_data_file:file { read open create write };
-#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
-
-#allow recovery file_type:dir { rw_dir_perms rmdir };
-#allow recovery file_type:notdevfile_class_set { unlink getattr };
-# wipe saves and restores the layout version
-#allow recovery install_data_file:file create_file_perms;
-#allow recovery system_data_file:file create_file_perms;
-
-# /cache/recovery things: command and logs
-allow recovery cache_recovery_file:dir create_dir_perms;
-allow recovery cache_recovery_file:file create_file_perms;
-
-# set system properties for various things
-allow recovery system_prop:property_service set;
-')
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
deleted file mode 100644
index 0a53894..0000000
--- a/sepolicy/sepolicy.mk
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# This policy configuration will be used by all products that
-# inherit from bliss
-#
-
-BOARD_SEPOLICY_DIRS += \
- vendor/bliss/sepolicy
diff --git a/sepolicy/service.te b/sepolicy/service.te
deleted file mode 100644
index 789660c..0000000
--- a/sepolicy/service.te
+++ /dev/null
@@ -1 +0,0 @@
-type edge_gesture_service, system_api_service, system_server_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
deleted file mode 100644
index 2e810fe..0000000
--- a/sepolicy/service_contexts
+++ /dev/null
@@ -1 +0,0 @@
-edgegestureservice u:object_r:edge_gesture_service:s0
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
deleted file mode 100644
index 48b4777..0000000
--- a/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell adbtcp_prop:property_service set;
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
deleted file mode 100644
index 1a451a3..0000000
--- a/sepolicy/sysinit.te
+++ /dev/null
@@ -1,23 +0,0 @@
-type sysinit, domain;
-type sysinit_exec, exec_type, file_type;
-
-init_daemon_domain(sysinit)
-
-#============= sysinit ==============
-allow sysinit devpts:chr_file { rw_file_perms };
-allow sysinit shell_exec:file { rx_file_perms };
-allow sysinit system_file:file { rx_file_perms };
-allow sysinit system_file:dir { r_dir_perms };
-allow sysinit toolbox_exec:file { rx_file_perms };
-allow sysinit self:process setcurrent;
-
-userdebug_or_eng(`
- allow sysinit userinit_data_exec:file { r_file_perms relabelto };
- allow sysinit property_socket:sock_file write;
- allow sysinit init:unix_stream_socket connectto;
- allow sysinit userinit_prop:property_service set;
- allow sysinit sysfs:file rw_file_perms;
- allow sysinit sysfs_devices_system_cpu:file write;
- allow sysinit self:capability dac_override;
- allow sysinit userinit_exec:file { rx_file_perms };
-')
diff --git a/sepolicy/system.te b/sepolicy/system.te
deleted file mode 100644
index 4e98e33..0000000
--- a/sepolicy/system.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow system_server wallpaper_file:file relabelto;
-
-# allow adb related properties to be set
-allow system_server adbtcp_prop:property_service set;
-
-allow system_server dhcp_data_file:dir r_dir_perms;
-allow system_server dhcp_data_file:file r_file_perms;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
deleted file mode 100644
index 490ccd0..0000000
--- a/sepolicy/system_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# For the updaters
-allow system_app cache_recovery_file:dir create_dir_perms;
-allow system_app cache_recovery_file:file create_file_perms;
-allow system_app media_rw_data_file:dir create_dir_perms;
-allow system_app media_rw_data_file:file create_file_perms;
-
-# Boot animation
-allow system_app ctl_bootanim_prop:property_service set;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
deleted file mode 100644
index ce9b6bd..0000000
--- a/sepolicy/system_server.te
+++ /dev/null
@@ -1,11 +0,0 @@
-allow system_server cache_recovery_file:dir rw_dir_perms;
-allow system_server cache_recovery_file:file create_file_perms;
-allow system_server cache_recovery_file:fifo_file create_file_perms;
-
-# Persistent properties
-allow system_server persist_property_file:dir rw_dir_perms;
-allow system_server persist_property_file:file { create_file_perms unlink };
-
-allow system_server storage_stub_file:dir { getattr };
-
-allow system_server media_rw_data_file:dir r_dir_perms;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
deleted file mode 100644
index 396e266..0000000
--- a/sepolicy/ueventd.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# ueventd needs to relabel files that pop in and out of sysfs
-allow ueventd sysfs:file relabelfrom;
-
-# ueventd will set permissions on cpufreq nodes
-allow ueventd sysfs_devices_system_cpu:file setattr;
-
-# ueventd loads wifi firmware on a ton of devices
-allow ueventd wifi_data_file:dir r_dir_perms;
-allow ueventd wifi_data_file:file r_file_perms;
-
-# ueventd loads audio firmware on many devices
-allow ueventd audio_data_file:dir r_dir_perms;
-allow ueventd audio_data_file:file r_file_perms;
diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te
deleted file mode 100644
index ca4f8ad..0000000
--- a/sepolicy/uncrypt.te
+++ /dev/null
@@ -1,9 +0,0 @@
-r_dir_file(uncrypt, media_rw_data_file)
-allow uncrypt cache_recovery_file:dir create_dir_perms;
-allow uncrypt cache_recovery_file:file create_file_perms;
-allow uncrypt cache_recovery_file:fifo_file rw_file_perms;
-
-allow uncrypt storage_file:dir r_dir_perms;
-allow uncrypt storage_stub_file:dir r_dir_perms;
-allow uncrypt fuse:dir r_dir_perms;
-allow uncrypt fuse:file r_file_perms;
diff --git a/sepolicy/userinit.te b/sepolicy/userinit.te
deleted file mode 100644
index 7407287..0000000
--- a/sepolicy/userinit.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type userinit_exec, exec_type, file_type;
-type userinit_data_exec, file_type;
-
-allow userinit_exec userinit_prop:property_service set;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
deleted file mode 100644
index af521e8..0000000
--- a/sepolicy/vold.te
+++ /dev/null
@@ -1,21 +0,0 @@
-domain_trans(init, rootfs, vold)
-
-# Allow vold to manage ASEC
-allow vold sdcard_type:file create_file_perms;
-allow vold vold_tmpfs:file create_file_perms;
-
-# Allow vold to access fuse for fuse-based fs
-allow vold fuseblk:chr_file rw_file_perms;
-
-# NTFS-3g wants to drop permission
-allow vold self:capability { setgid setuid };
-
-# Vold can also run as minivold in the rootfs
-recovery_only(`
- allow vold rootfs:dir { add_name write };
-')
-
-# External storage
-allow vold storage_stub_file:dir { rw_file_perms search add_name };
-allow vold mnt_media_rw_stub_file:dir r_dir_perms;
-allow vold mkfs_exec:file { execute read open getattr execute_no_trans };
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
deleted file mode 100644
index 5e5ce5c..0000000
--- a/sepolicy/zygote.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# ps command may do this
-allow untrusted_app zygote:process getsched;