authorAvichal Rakesh <arakesh@google.com>2023-02-03 02:00:29 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-02-03 02:00:29 +0000
commit2e14ebdf04f3bd43766a2d516aa2e74a86fb0590 (patch)
tree63c904290f30be50375743bfdc5dca5eb56a1f7d
parent9ffc0b11eaad52261049988fe5df456924d2f09c (diff)
parent65a66499ccdd1a7963b5895aaf4c3564a51c8a08 (diff)
Remove neverallows for device domain am: 65a66499ccHEADmastermain
Original change: https://android-review.googlesource.com/c/device/mediatek/wembley-sepolicy/+/2414378 Change-Id: I01011a9ccf06062091a54d5fd898ea8e4d156ec6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--neverallows/non_plat/neverallows.te32
-rw-r--r--neverallows/plat_private/neverallows.te37
-rw-r--r--neverallows/plat_public/neverallows.te27
3 files changed, 0 insertions, 96 deletions
diff --git a/neverallows/non_plat/neverallows.te b/neverallows/non_plat/neverallows.te
index 64524ac..4c71456 100644
--- a/neverallows/non_plat/neverallows.te
+++ b/neverallows/non_plat/neverallows.te
@@ -218,38 +218,6 @@ full_treble_only(`
# hal_client_domain(cameraserver, hal_camera)
#
full_treble_only(`
- neverallow ~{
- apexd
- cameraserver
- fastbootd
- hal_camera
- hal_camera_default
- hal_evs_default
- init
- mtk_hal_camera
- otapreopt_chroot
- recovery
- shell
- slideshow
- system_server
- vendor_init
- vold
- ueventd
- } device:dir ~{ search getattr };
-
- neverallow {
- cameraserver
- fastbootd
- hal_camera
- hal_camera_default
- hal_evs_default
- mtk_hal_camera
- system_server
- shell
- slideshow
- recovery
- } device:dir ~r_dir_perms;
-
neverallow init device:dir ~{ create_dir_perms mounton relabelto };
neverallow vendor_init device:dir ~{ create_dir_perms mounton };
diff --git a/neverallows/plat_private/neverallows.te b/neverallows/plat_private/neverallows.te
index 695a6c7..1281248 100644
--- a/neverallows/plat_private/neverallows.te
+++ b/neverallows/plat_private/neverallows.te
@@ -116,44 +116,7 @@ full_treble_only(`
neverallow system_server system_data_file:lnk_file ~create_file_perms;
')
-# Do not allow access to the generic device label. This is too broad.
-# Instead, if access to part of device is desired, it should have a
-# more specific label.
-# TODO: Remove hal_camera and so on once there are no violations.
-#
-# allow hal_camera device:dir r_dir_perms;
-# hal_client_domain(cameraserver, hal_camera)
-#
full_treble_only(`
- neverallow {
- coredomain
- -apexd
- -cameraserver
- -fastbootd
- -hal_camera
- -init
- -otapreopt_chroot
- -recovery
- -shell
- -slideshow
- -system_server
- -vendor_init
- -vold
- -ueventd
- } device:dir ~{ search getattr };
-
- neverallow init device:dir ~{ create_dir_perms mounton relabelto };
-
- neverallow {
- cameraserver
- fastbootd
- hal_camera
- system_server
- shell
- slideshow
- recovery
- } device:dir ~r_dir_perms;
-
neverallow vendor_init device:dir ~{ create_dir_perms mounton };
neverallow vold device:dir ~{ search getattr write };
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index 1e1bce7..f130f1e 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -448,33 +448,6 @@ full_treble_only(`
neverallow ueventd device:lnk_file ~{ r_file_perms create unlink };
- neverallow {
- coredomain
- -apexd
- -cameraserver
- -fastbootd
- -hal_camera
- -init
- -otapreopt_chroot
- -recovery
- -shell
- -slideshow
- -system_server
- -vendor_init
- -vold
- -ueventd
- } device:dir ~{ search getattr };
-
- neverallow {
- cameraserver
- fastbootd
- hal_camera
- system_server
- shell
- slideshow
- recovery
- } device:dir ~r_dir_perms;
-
neverallow init device:dir ~{ create_dir_perms mounton relabelto };
neverallow vendor_init device:dir ~{ create_dir_perms mounton };