sepolicy: wipe all

Change-Id: I10a53f327ef2a92263c11eed8d4463f4a58b58b5
author: Julian Veit <claymore1298@gmail.com> 2020-11-30 08:05:29 +0100
committer: dragonGR <alex@dragongr.dev> 2020-12-06 21:29:15 +0200
commit: cd5dde6dd27dc691c02440ce5b33057389834125 (patch)
tree: 4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent: 3f194aa4123cd872a5cfa7716a7f57f9593a1630 (diff)
73 files changed, 0 insertions, 658 deletions
diff --git a/common/dynamic/file.te b/common/dynamic/file.te
deleted file mode 100644
index ce0f325..0000000
--- a/common/dynamic/file.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type proc_deny_new_usb, fs_type, proc_type;
-type sysfs_livedisplay_tuneable, fs_type, sysfs_type;
diff --git a/common/dynamic/genfs_contexts b/common/dynamic/genfs_contexts
deleted file mode 100644
index 4287895..0000000
--- a/common/dynamic/genfs_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-genfscon proc /sys/kernel/deny_new_usb u:object_r:proc_deny_new_usb:s0
-
-genfscon sysfs /devices/virtual/graphics/fb0/acl u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/aco u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/cabc u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/color_enhance u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/hbm u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/rgb u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/sre u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/reading_mode u:object_r:sysfs_livedisplay_tuneable:s0
diff --git a/common/dynamic/hal_lineage_camera_motor.te b/common/dynamic/hal_lineage_camera_motor.te
deleted file mode 100644
index f398cc2..0000000
--- a/common/dynamic/hal_lineage_camera_motor.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_camera_motor_client, hal_lineage_camera_motor_server)
-
-add_hwservice(hal_lineage_camera_motor_server, hal_lineage_camera_motor_hwservice)
-allow hal_lineage_camera_motor_client hal_lineage_camera_motor_hwservice:hwservice_manager find;
diff --git a/common/dynamic/hal_lineage_fod.te b/common/dynamic/hal_lineage_fod.te
deleted file mode 100644
index 7872599..0000000
--- a/common/dynamic/hal_lineage_fod.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_fod_client, hal_lineage_fod_server)
-
-add_hwservice(hal_lineage_fod_server, hal_lineage_fod_hwservice)
-allow hal_lineage_fod_client hal_lineage_fod_hwservice:hwservice_manager find;
-
-# Allow binder communication with platform_app
-binder_call(hal_lineage_fod, platform_app)
diff --git a/common/dynamic/hal_lineage_livedisplay.te b/common/dynamic/hal_lineage_livedisplay.te
deleted file mode 100644
index 6a9aac5..0000000
--- a/common/dynamic/hal_lineage_livedisplay.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_livedisplay_client, hal_lineage_livedisplay_server)
-
-add_hwservice(hal_lineage_livedisplay_server, hal_lineage_livedisplay_hwservice)
-allow hal_lineage_livedisplay_client hal_lineage_livedisplay_hwservice:hwservice_manager find;
diff --git a/common/dynamic/hal_lineage_powershare.te b/common/dynamic/hal_lineage_powershare.te
deleted file mode 100644
index 86e8aa3..0000000
--- a/common/dynamic/hal_lineage_powershare.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# HWBinder IPC from client to server
-binder_call(hal_lineage_powershare_client, hal_lineage_powershare_server)
-
-add_hwservice(hal_lineage_powershare_server, hal_lineage_powershare_hwservice)
-allow hal_lineage_powershare_client hal_lineage_powershare_hwservice:hwservice_manager find;
-
-# Allow binder communication with platform_app
-binder_call(hal_lineage_powershare, platform_app)
diff --git a/common/dynamic/hal_lineage_touch.te b/common/dynamic/hal_lineage_touch.te
deleted file mode 100644
index 0cc8082..0000000
--- a/common/dynamic/hal_lineage_touch.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_touch_client, hal_lineage_touch_server)
-
-add_hwservice(hal_lineage_touch_server, hal_lineage_touch_hwservice)
-allow hal_lineage_touch_client hal_lineage_touch_hwservice:hwservice_manager find;
diff --git a/common/dynamic/hal_lineage_trust.te b/common/dynamic/hal_lineage_trust.te
deleted file mode 100644
index ca4eff4..0000000
--- a/common/dynamic/hal_lineage_trust.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_trust_client, hal_lineage_trust_server)
-
-add_hwservice(hal_lineage_trust_server, hal_lineage_trust_hwservice)
-allow hal_lineage_trust_client hal_lineage_trust_hwservice:hwservice_manager find;
-
-allow hal_lineage_trust_server self:capability sys_admin;
-
-allow hal_lineage_trust_server proc_deny_new_usb:file rw_file_perms;
diff --git a/common/dynamic/hwservice.te b/common/dynamic/hwservice.te
deleted file mode 100644
index 8fb249d..0000000
--- a/common/dynamic/hwservice.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type hal_lineage_camera_motor_hwservice, hwservice_manager_type;
-type hal_lineage_fod_hwservice, hwservice_manager_type;
-type hal_lineage_livedisplay_hwservice, hwservice_manager_type;
-type hal_lineage_powershare_hwservice, hwservice_manager_type;
-type hal_lineage_touch_hwservice, hwservice_manager_type;
-type hal_lineage_trust_hwservice, hwservice_manager_type;
diff --git a/common/dynamic/hwservice_contexts b/common/dynamic/hwservice_contexts
deleted file mode 100644
index c01ee63..0000000
--- a/common/dynamic/hwservice_contexts
+++ /dev/null
@@ -1,18 +0,0 @@
-vendor.lineage.biometrics.fingerprint.inscreen::IFingerprintInscreen    u:object_r:hal_lineage_fod_hwservice:s0
-vendor.lineage.camera.motor::ICameraMotor                               u:object_r:hal_lineage_camera_motor_hwservice:s0
-vendor.lineage.livedisplay::IAdaptiveBacklight                          u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IAutoContrast                               u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IColorBalance                               u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IColorEnhancement                           u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IDisplayColorCalibration                    u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IDisplayModes                               u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IPictureAdjustment                          u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IReadingEnhancement                         u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::ISunlightEnhancement                        u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.power::ILineagePower                                     u:object_r:hal_power_hwservice:s0
-vendor.lineage.powershare::IPowerShare                                  u:object_r:hal_lineage_powershare_hwservice:s0
-vendor.lineage.touch::IGloveMode                                        u:object_r:hal_lineage_touch_hwservice:s0
-vendor.lineage.touch::IKeyDisabler                                      u:object_r:hal_lineage_touch_hwservice:s0
-vendor.lineage.touch::IStylusMode                                       u:object_r:hal_lineage_touch_hwservice:s0
-vendor.lineage.touch::ITouchscreenGesture                               u:object_r:hal_lineage_touch_hwservice:s0
-vendor.lineage.trust::IUsbRestrict                                      u:object_r:hal_lineage_trust_hwservice:s0
diff --git a/common/dynamic/property_contexts b/common/dynamic/property_contexts
deleted file mode 100644
index c0c52c6..0000000
--- a/common/dynamic/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Aux camera blacklist prop readable to everything
-vendor.camera.aux.packageblacklist     u:object_r:exported_default_prop:s0
diff --git a/common/private/adbd.te b/common/private/adbd.te
deleted file mode 100644
index e5ef587..0000000
--- a/common/private/adbd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow adbd adbroot:binder call;
-allow adbd adbroot_service:service_manager find;
diff --git a/common/private/adbroot.te b/common/private/adbroot.te
deleted file mode 100644
index de201a6..0000000
--- a/common/private/adbroot.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type adbroot, domain, coredomain;
-type adbroot_exec, exec_type, file_type, system_file_type;
-
-init_daemon_domain(adbroot)
-
-binder_use(adbroot)
-binder_service(adbroot)
-add_service(adbroot, adbroot_service)
-
-allow adbroot adbroot_data_file:dir rw_dir_perms;
-allow adbroot adbroot_data_file:file create_file_perms;
-
-set_prop(adbroot, shell_prop)
-set_prop(adbroot, ctl_adbd_prop)
diff --git a/common/private/backuptool.te b/common/private/backuptool.te
deleted file mode 100644
index b948b61..0000000
--- a/common/private/backuptool.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type backuptool, domain, coredomain;
-
-neverallow {
-    domain
-    -recovery
-    -update_engine
-} backuptool:process transition;
-
-userdebug_or_eng(`
-    permissive backuptool;
-')
diff --git a/common/private/cameraserver.te b/common/private/cameraserver.te
deleted file mode 100644
index d91c174..0000000
--- a/common/private/cameraserver.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Use HALs
-hal_client_domain(cameraserver, hal_lineage_camera_motor)
diff --git a/common/private/file.te b/common/private/file.te
deleted file mode 100644
index aa60d26..0000000
--- a/common/private/file.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type sdcard_posix, sdcard_type, sdcard_posix_contextmount_type, fs_type, mlstrustedobject;
-type sysfs_io_sched_tuneable, fs_type, sysfs_type;
-type adbroot_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/common/private/file_contexts b/common/private/file_contexts
deleted file mode 100644
index aa0199e..0000000
--- a/common/private/file_contexts
+++ /dev/null
@@ -1,26 +0,0 @@
-# Filesystem tools
-/system/bin/fsck\.ntfs                  u:object_r:fsck_exec:s0
-/system/bin/mkfs\.exfat                 u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.f2fs                  u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.ntfs                  u:object_r:mkfs_exec:s0
-
-# I/O Scheduler
-/sys/devices(/platform)?/msm_sdcc\.[0-9]/mmc_host/mmc[0-9]/mmc[0-9]:[a-f0-9]+/block/mmcblk[0-9]/queue(/.*)? u:object_r:sysfs_io_sched_tuneable:s0
-/sys/devices(/platform)?/soc(\.[0-9])?/[a-f0-9]+\.sdhci/mmc_host/mmc[0-9]/mmc[0-9]:[a-f0-9]+/block/mmcblk[0-9]/queue(/.*)? u:object_r:sysfs_io_sched_tuneable:s0
-/sys/devices(/platform)?/soc(\.[0-9])?/[a-f0-9]+\.ufshc/host[0-9]/target[0-9]+:[0-9]+:[0-9]+/[0-9]+:[0-9]+:[0-9]+:[0-9]+/block/sd[a-z]+/queue(/.*)? u:object_r:sysfs_io_sched_tuneable:s0
-/sys/devices/virtual/block/dm-[a-z0-9]+/queue(/.*)? u:object_r:sysfs_io_sched_tuneable:s0
-
-# OTA packages
-/data/aicp_updates(/.*)?           u:object_r:ota_package_file:s0
-
-# Postinstall
-/system/bin/backuptool_ab\.functions              u:object_r:otapreopt_chroot_exec:s0
-/system/bin/backuptool_ab\.sh                     u:object_r:otapreopt_chroot_exec:s0
-/system/bin/backuptool_postinstall\.sh            u:object_r:otapreopt_chroot_exec:s0
-
-# ADB Root
-/system/bin/adb_root       u:object_r:adbroot_exec:s0
-/data/adbroot(/.*)?        u:object_r:adbroot_data_file:s0
-
-# Bash
-/system/xbin/bash          u:object_r:shell_exec:s0
diff --git a/common/private/fsck_untrusted.te b/common/private/fsck_untrusted.te
deleted file mode 100644
index 5d12f76..0000000
--- a/common/private/fsck_untrusted.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# External storage
-allow fsck_untrusted self:capability sys_admin;
diff --git a/common/private/gallery_app.te b/common/private/gallery_app.te
deleted file mode 100644
index e3453bf..0000000
--- a/common/private/gallery_app.te
+++ /dev/null
@@ -1,29 +0,0 @@
-type gallery_app, domain, coredomain;
-
-app_domain(gallery_app)
-net_domain(gallery_app)
-
-# Access standard system services
-allow gallery_app app_api_service:service_manager find;
-allow gallery_app audioserver_service:service_manager find;
-allow gallery_app cameraserver_service:service_manager find;
-allow gallery_app drmserver_service:service_manager find;
-allow gallery_app mediaextractor_service:service_manager find;
-allow gallery_app mediaserver_service:service_manager find;
-allow gallery_app mediametrics_service:service_manager find;
-allow gallery_app nfc_service:service_manager find;
-allow gallery_app surfaceflinger_service:service_manager find;
-
-allow gallery_app hidl_token_hwservice:hwservice_manager find;
-
-# Allow to read and execute camera app modules
-typeattribute gallery_app system_executes_vendor_violators;
-allow gallery_app vendor_file:file { rx_file_perms };
-
-# Read and write system app data files passed over Binder.
-# Motivating case was /data/data/com.android.settings/cache/*.jpg for
-# cropping or taking user photos.
-allow gallery_app system_app_data_file:file { read write getattr };
-
-# Binder call with gpuservice
-binder_call(gallery_app, gpuservice)
diff --git a/common/private/genfs_contexts b/common/private/genfs_contexts
deleted file mode 100644
index c629305..0000000
--- a/common/private/genfs_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-ifelse(board_excludes_fuseblk_sepolicy, `true', ,
-genfscon fuseblk / u:object_r:vfat:s0
-)
-
-genfscon sysfs /devices/virtual/timed_output/vibrator u:object_r:sysfs_vibrator:s0
diff --git a/common/private/init.te b/common/private/init.te
deleted file mode 100644
index 9eca0e5..0000000
--- a/common/private/init.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow init sysfs_dm:dir relabelfrom;
-allow init sysfs_dm:file relabelfrom;
-
-allow init {
-    sysfs_io_sched_tuneable
-}:file { setattr w_file_perms };
diff --git a/common/private/mkfs.te b/common/private/mkfs.te
deleted file mode 100644
index 2c16520..0000000
--- a/common/private/mkfs.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type mkfs, coredomain, domain;
-type mkfs_exec, system_file_type, exec_type, file_type;
-
-init_daemon_domain(mkfs)
-
-# Allow formatting userdata or cache partitions
-allow mkfs block_device:dir search;
-allow mkfs userdata_block_device:blk_file rw_file_perms;
-allow mkfs cache_block_device:blk_file rw_file_perms;
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
deleted file mode 100644
index fa3cb86..0000000
--- a/common/private/platform_app.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# Allow NFC service to be found
-allow platform_app nfc_service:service_manager find;
-
-# Allow FOD HAL service to be found
-hal_client_domain(platform_app, hal_lineage_fod)
-
-# Allow LiveDisplay HAL service to be found
-hal_client_domain(platform_app, hal_lineage_livedisplay)
-
-# Allow PowerShare HAL service to be found
-hal_client_domain(platform_app, hal_lineage_powershare)
diff --git a/common/private/property.te b/common/private/property.te
deleted file mode 100644
index 14cba21..0000000
--- a/common/private/property.te
+++ /dev/null
@@ -1 +0,0 @@
-type recovery_update_prop, property_type, extended_core_property_type;
diff --git a/common/private/property_contexts b/common/private/property_contexts
deleted file mode 100644
index 9d6a435..0000000
--- a/common/private/property_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-ro.telephony.use_old_mnc_mcc_format    u:object_r:exported3_default_prop:s0
-persist.aicp.                          u:object_r:system_prop:s0
-
-# Recovery update
-persist.vendor.recovery_update         u:object_r:recovery_update_prop:s0
diff --git a/common/private/recovery.te b/common/private/recovery.te
deleted file mode 100644
index 2b6f7fa..0000000
--- a/common/private/recovery.te
+++ /dev/null
@@ -1,20 +0,0 @@
-recovery_only(`
-userdebug_or_eng(`
-permissive recovery;
-')
-
-# Volume manager
-allow recovery block_device:dir create_dir_perms;
-allow recovery block_device:blk_file { create unlink rw_file_perms };
-allow recovery self:capability { mknod fsetid };
-allow recovery proc_filesystems:file r_file_perms;
-allow recovery self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow recovery sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
-allow recovery tmpfs:file link;
-allow recovery rootfs:dir w_dir_perms;
-allow recovery rootfs:file { create_file_perms link };
-allow recovery media_rw_data_file:dir r_dir_perms;
-
-# Read fbe encryption info
-r_dir_file(recovery, unencrypted_data_file)
-')
diff --git a/common/private/rootfs.te b/common/private/rootfs.te
deleted file mode 100644
index 7cfb964..0000000
--- a/common/private/rootfs.te
+++ /dev/null
@@ -1 +0,0 @@
-allow rootfs labeledfs:filesystem associate;
diff --git a/common/private/sdcardfs.te b/common/private/sdcardfs.te
deleted file mode 100644
index 245f9a8..0000000
--- a/common/private/sdcardfs.te
+++ /dev/null
@@ -1 +0,0 @@
-allow sdcardfs labeledfs:filesystem associate;
diff --git a/common/private/seapp_contexts b/common/private/seapp_contexts
deleted file mode 100644
index 0b94f96..0000000
--- a/common/private/seapp_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-user=_app isPrivApp=true seinfo=platform name=com.android.gallery3d domain=gallery_app type=app_data_file levelFrom=user
-user=_app isPrivApp=true seinfo=platform name=org.lineageos.snap domain=snap_app type=app_data_file levelFrom=user
-user=_app isPrivApp=true seinfo=platform name=org.lineageos.updater domain=updater_app type=app_data_file levelFrom=user
diff --git a/common/private/service.te b/common/private/service.te
deleted file mode 100644
index 541fdf7..0000000
--- a/common/private/service.te
+++ /dev/null
@@ -1,10 +0,0 @@
-type adbroot_service,                   service_manager_type;
-type lineage_audio_service, system_api_service, system_server_service, service_manager_type;
-type lineage_hardware_service, system_api_service, system_server_service, service_manager_type;
-type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type;
-type lineage_performance_service, system_api_service, system_server_service, service_manager_type;
-type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
-type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
-type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
-# Pocket Judge
-type pocket_service, system_api_service, system_server_service, service_manager_type;
diff --git a/common/private/service_contexts b/common/private/service_contexts
deleted file mode 100644
index 0525af9..0000000
--- a/common/private/service_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-lineageaudio                              u:object_r:lineage_audio_service:s0
-lineagehardware                           u:object_r:lineage_hardware_service:s0
-lineagelivedisplay                        u:object_r:lineage_livedisplay_service:s0
-lineageperformance                        u:object_r:lineage_performance_service:s0
-lineagetrust                              u:object_r:lineage_trust_service:s0
-lineageweather                            u:object_r:lineage_weather_service:s0
-profile                                   u:object_r:lineage_profile_service:s0
-
-adbroot_service                           u:object_r:adbroot_service:s0
-pocket                                    u:object_r:pocket_service:s0
diff --git a/common/private/snap_app.te b/common/private/snap_app.te
deleted file mode 100644
index 178aafa..0000000
--- a/common/private/snap_app.te
+++ /dev/null
@@ -1,39 +0,0 @@
-type snap_app, domain, coredomain;
-
-app_domain(snap_app)
-net_domain(snap_app)
-
-# Access standard system services
-allow snap_app app_api_service:service_manager find;
-allow snap_app audioserver_service:service_manager find;
-allow snap_app cameraserver_service:service_manager find;
-allow snap_app drmserver_service:service_manager find;
-allow snap_app mediaextractor_service:service_manager find;
-allow snap_app mediaserver_service:service_manager find;
-allow snap_app mediametrics_service:service_manager find;
-allow snap_app nfc_service:service_manager find;
-allow snap_app surfaceflinger_service:service_manager find;
-
-allow snap_app hidl_token_hwservice:hwservice_manager find;
-
-# Allow to read and execute camera app modules
-typeattribute snap_app system_executes_vendor_violators;
-allow snap_app vendor_file:file { rx_file_perms };
-
-# Execute libraries from RenderScript cache
-allow snap_app app_data_file:file { rx_file_perms };
-
-# Execute /system/bin/bcc
-allow snap_app rs_exec:file rx_file_perms;
-
-# Read memory info
-allow snap_app proc_meminfo:file r_file_perms;
-
-# gdbserver / stack traces
-allow snap_app self:process ptrace;
-
-# Read and write system app data files passed over Binder.
-allow snap_app system_app_data_file:file { read write getattr };
-
-# Binder call with gpuservice
-binder_call(snap_app, gpuservice)
diff --git a/common/private/system_app.te b/common/private/system_app.te
deleted file mode 100644
index 635889f..0000000
--- a/common/private/system_app.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# For the updaters
-allow system_app cache_recovery_file:dir {add_name rw_file_perms};
-allow system_app cache_recovery_file:file {create rw_file_perms};
-
-# Allow Settings to read ro.vendor.build.security_patch
-get_prop(system_app, vendor_security_patch_level_prop)
-
-# Allow access to the HALs
-hal_client_domain(system_app, hal_lineage_livedisplay)
-hal_client_domain(system_app, hal_lineage_touch)
-
-#selinux status
-allow system_app selinuxfs:file r_file_perms;
diff --git a/common/private/system_server.te b/common/private/system_server.te
deleted file mode 100644
index a7c48cb..0000000
--- a/common/private/system_server.te
+++ /dev/null
@@ -1,16 +0,0 @@
-allow system_server storage_stub_file:dir getattr;
-
-allow system_server adbroot_service:service_manager find;
-
-# Pocket judge
-allow system_server pocket_service:service_manager { add find };
-
-# Use HALs
-hal_client_domain(system_server, hal_lineage_fod)
-hal_client_domain(system_server, hal_lineage_livedisplay)
-hal_client_domain(system_server, hal_lineage_touch)
-hal_client_domain(system_server, hal_lineage_trust)
-hal_client_domain(system_server, hal_lineage_powershare)
-
-# adb properties for adb over network
-set_prop(system_server, shell_prop);
diff --git a/common/private/untrusted_app.te b/common/private/untrusted_app.te
deleted file mode 100644
index 39d2b4b..0000000
--- a/common/private/untrusted_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow untrusted_app_all lineage_profile_service:service_manager find;
-allow untrusted_app_all lineage_weather_service:service_manager find;
diff --git a/common/private/update_engine.te b/common/private/update_engine.te
deleted file mode 100644
index 57a3c86..0000000
--- a/common/private/update_engine.te
+++ /dev/null
@@ -1,17 +0,0 @@
-# Allow update_engine to call the callback function provided by updater_app
-binder_call(update_engine, updater_app)
-
-# Read updates from storage data
-r_dir_file(update_engine, mnt_user_file)
-r_dir_file(update_engine, storage_file)
-
-# Allow mount and unmount of system partition
-allow update_engine labeledfs:filesystem { mount unmount };
-
-# Allow transition to backuptool domain
-allow update_engine self:process setexec;
-domain_trans(update_engine, otapreopt_chroot_exec, backuptool)
-
-# Allow to install OTA's from local storage
-allow update_engine backuptool:process noatsecure;
-allow update_engine media_rw_data_file:file { open read getattr };
diff --git a/common/private/updater_app.te b/common/private/updater_app.te
deleted file mode 100644
index f0d2243..0000000
--- a/common/private/updater_app.te
+++ /dev/null
@@ -1,28 +0,0 @@
-type updater_app, domain, coredomain;
-
-app_domain(updater_app)
-net_domain(updater_app)
-
-binder_call(updater_app, gpuservice)
-binder_call(updater_app, update_engine)
-
-allow updater_app app_api_service:service_manager find;
-allow updater_app recovery_service:service_manager find;
-allow updater_app system_api_service:service_manager find;
-allow updater_app update_engine_service:service_manager find;
-
-allow updater_app app_data_file:dir create_dir_perms;
-allow updater_app app_data_file:{ file lnk_file } create_file_perms;
-
-allow updater_app cache_file:dir r_dir_perms;
-
-allow updater_app cache_recovery_file:dir rw_dir_perms;
-allow updater_app cache_recovery_file:file create_file_perms;
-
-allow updater_app ota_package_file:dir create_dir_perms;
-allow updater_app ota_package_file:file create_file_perms;
-
-get_prop(updater_app, default_prop)
-get_prop(updater_app, exported2_default_prop)
-
-set_prop(updater_app, recovery_update_prop)
diff --git a/common/private/vold.te b/common/private/vold.te
deleted file mode 100644
index 915190b..0000000
--- a/common/private/vold.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# NTFS-3g wants to drop permission
-allow vold self:capability { setgid setuid };
-
-# External storage
-allow vold mkfs_exec:file rx_file_perms;
-allow vold mnt_media_rw_stub_file:dir r_dir_perms;
-allow vold storage_stub_file:dir rw_dir_perms;
-
-# External EXT4/F2FS storage
-allow vold sdcard_posix:filesystem { relabelto relabelfrom };
-allow vold labeledfs:filesystem relabelfrom;
diff --git a/common/public/attributes b/common/public/attributes
deleted file mode 100644
index 6fb39b0..0000000
--- a/common/public/attributes
+++ /dev/null
@@ -1,7 +0,0 @@
-# HALs
-hal_attribute_lineage(lineage_camera_motor)
-hal_attribute_lineage(lineage_fod)
-hal_attribute_lineage(lineage_livedisplay)
-hal_attribute_lineage(lineage_touch)
-hal_attribute_lineage(lineage_trust)
-hal_attribute_lineage(lineage_powershare)
diff --git a/common/public/file.te b/common/public/file.te
deleted file mode 100644
index 871b09e..0000000
--- a/common/public/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type dummy_type_meant_to_prevent_selinux_compilation_from_failing_when_system_ext_public_dir_has_nothing_but_attributes;
diff --git a/common/public/te_macros b/common/public/te_macros
deleted file mode 100644
index 2af4893..0000000
--- a/common/public/te_macros
+++ /dev/null
@@ -1,10 +0,0 @@
-#####################################
-# hal_attribute_lineage(hal_name)
-define(`hal_attribute_lineage', `
-attribute hal_$1;
-expandattribute hal_$1 true;
-attribute hal_$1_client;
-expandattribute hal_$1_client true;
-attribute hal_$1_server;
-expandattribute hal_$1_server false;
-')
diff --git a/common/sepolicy.mk b/common/sepolicy.mk
deleted file mode 100644
index f304a2c..0000000
--- a/common/sepolicy.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# This policy configuration will be used by all products that
-# inherit from Lineage
-#
-
-ifeq ($(TARGET_COPY_OUT_VENDOR), vendor)
-ifeq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),)
-TARGET_USES_PREBUILT_VENDOR_SEPOLICY ?= true
-endif
-endif
-
-ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true)
-ifeq ($(TARGET_HAS_FUSEBLK_SEPOLICY_ON_VENDOR),true)
-BOARD_SEPOLICY_M4DEFS += board_excludes_fuseblk_sepolicy=true
-endif
-endif
-
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
-    device/aicp/sepolicy/common/public
-
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/common/private
-
-ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true)
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/common/dynamic \
-    device/aicp/sepolicy/common/system
-else
-BOARD_VENDOR_SEPOLICY_DIRS += \
-    device/aicp/sepolicy/common/dynamic \
-    device/aicp/sepolicy/common/vendor
-endif
-
-# Selectively include legacy rules defined by the products
--include device/aicp/sepolicy/legacy-common/sepolicy.mk
diff --git a/common/system/file_contexts b/common/system/file_contexts
deleted file mode 100644
index 8fc1e77..0000000
--- a/common/system/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Trust
-/system/bin/hw/lineage\.trust@1\.0-service      u:object_r:hal_lineage_trust_default_exec:s0
diff --git a/common/system/hal_lineage_trust.te b/common/system/hal_lineage_trust.te
deleted file mode 100644
index 9004f6c..0000000
--- a/common/system/hal_lineage_trust.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_trust_default, coredomain, domain;
-hal_server_domain(hal_lineage_trust_default, hal_lineage_trust)
-
-type hal_lineage_trust_default_exec, exec_type, system_file_type, file_type;
-init_daemon_domain(hal_lineage_trust_default)
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
deleted file mode 100644
index 3c18010..0000000
--- a/common/vendor/file_contexts
+++ /dev/null
@@ -1,23 +0,0 @@
-# Fingerprint HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.0-service u:object_r:hal_fingerprint_default_exec:s0
-
-# GNSS HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service\.legacy u:object_r:hal_gnss_default_exec:s0
-
-# Light HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.aw2013 u:object_r:hal_light_default_exec:s0
-
-# LiveDisplay HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs    u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
-
-# Trust HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0
-
-# USB HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service\.basic u:object_r:hal_usb_default_exec:s0
-
-# Vibrator HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service\.lineage u:object_r:hal_vibrator_default_exec:s0
-
-# Wi-Fi HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service\.legacy u:object_r:hal_wifi_default_exec:s0
diff --git a/common/vendor/hal_lineage_camera_motor_default.te b/common/vendor/hal_lineage_camera_motor_default.te
deleted file mode 100644
index e742834..0000000
--- a/common/vendor/hal_lineage_camera_motor_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_camera_motor_default, domain;
-hal_server_domain(hal_lineage_camera_motor_default, hal_lineage_camera_motor)
-
-type hal_lineage_camera_motor_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_camera_motor_default)
diff --git a/common/vendor/hal_lineage_fod_default.te b/common/vendor/hal_lineage_fod_default.te
deleted file mode 100644
index 732d002..0000000
--- a/common/vendor/hal_lineage_fod_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_fod_default, domain;
-hal_server_domain(hal_lineage_fod_default, hal_lineage_fod)
-
-type hal_lineage_fod_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_fod_default)
diff --git a/common/vendor/hal_lineage_livedisplay_sysfs.te b/common/vendor/hal_lineage_livedisplay_sysfs.te
deleted file mode 100644
index 0b6783c..0000000
--- a/common/vendor/hal_lineage_livedisplay_sysfs.te
+++ /dev/null
@@ -1,8 +0,0 @@
-type hal_lineage_livedisplay_sysfs, domain;
-hal_server_domain(hal_lineage_livedisplay_sysfs, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_sysfs_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_sysfs)
-
-# Grant access over LiveDisplay tuneables
-allow hal_lineage_livedisplay_sysfs sysfs_livedisplay_tuneable:file rw_file_perms;
diff --git a/common/vendor/hal_lineage_powershare_default.te b/common/vendor/hal_lineage_powershare_default.te
deleted file mode 100644
index 23192c8..0000000
--- a/common/vendor/hal_lineage_powershare_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_powershare_default, domain;
-hal_server_domain(hal_lineage_powershare_default, hal_lineage_powershare)
-
-type hal_lineage_powershare_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_powershare_default)
diff --git a/common/vendor/hal_lineage_touch_default.te b/common/vendor/hal_lineage_touch_default.te
deleted file mode 100644
index dc68b98..0000000
--- a/common/vendor/hal_lineage_touch_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_touch_default, domain;
-hal_server_domain(hal_lineage_touch_default, hal_lineage_touch)
-
-type hal_lineage_touch_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_touch_default)
diff --git a/common/vendor/hal_lineage_trust_default.te b/common/vendor/hal_lineage_trust_default.te
deleted file mode 100644
index 2afad88..0000000
--- a/common/vendor/hal_lineage_trust_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_trust_default, domain;
-hal_server_domain(hal_lineage_trust_default, hal_lineage_trust)
-
-type hal_lineage_trust_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_trust_default)
diff --git a/common/vendor/hal_vibrator_default.te b/common/vendor/hal_vibrator_default.te
deleted file mode 100644
index cd92236..0000000
--- a/common/vendor/hal_vibrator_default.te
+++ /dev/null
@@ -1 +0,0 @@
-hwbinder_use(hal_vibrator_default)
diff --git a/common/vendor/property_contexts b/common/vendor/property_contexts
deleted file mode 100644
index 13fd58e..0000000
--- a/common/vendor/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Aux camera whitelist prop readable to everything
-vendor.camera.aux.packagelist          u:object_r:exported_default_prop:s0
diff --git a/exynos/sepolicy.mk b/exynos/sepolicy.mk
deleted file mode 100644
index 3f208b7..0000000
--- a/exynos/sepolicy.mk
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# This policy configuration will be used by all exynos products
-# that inherit from Lineage
-#
-
-ifeq ($(TARGET_COPY_OUT_VENDOR), vendor)
-ifeq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),)
-TARGET_USES_PREBUILT_VENDOR_SEPOLICY ?= true
-endif
-endif
-
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/exynos/private
-
-ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true)
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/exynos/dynamic \
-    device/aicp/sepolicy/exynos/system
-else
-BOARD_VENDOR_SEPOLICY_DIRS += \
-    device/aicp/sepolicy/exynos/dynamic \
-    device/aicp/sepolicy/exynos/vendor
-endif
diff --git a/exynos/system/file_contexts b/exynos/system/file_contexts
deleted file mode 100644
index bcaf8af..0000000
--- a/exynos/system/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# LiveDisplay
-/system/bin/hw/lineage\.livedisplay@[0-9]\.[0-9]-service.samsung-exynos    u:object_r:hal_lineage_livedisplay_exynos_exec:s0
diff --git a/exynos/system/hal_lineage_livedisplay_exynos.te b/exynos/system/hal_lineage_livedisplay_exynos.te
deleted file mode 100644
index 3000524..0000000
--- a/exynos/system/hal_lineage_livedisplay_exynos.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_lineage_livedisplay_exynos, coredomain, domain;
-hal_server_domain(hal_lineage_livedisplay_exynos, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_exynos_exec, exec_type, system_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_exynos)
-
-type hal_display_color_hwservice, hwservice_manager_type;
-allow hal_lineage_livedisplay_exynos hal_display_color_hwservice:hwservice_manager find;
-
-type hal_display_color_default, domain;
-binder_call(hal_lineage_livedisplay_exynos, hal_display_color_default)
-binder_use(hal_lineage_livedisplay_exynos)
diff --git a/exynos/vendor/file_contexts b/exynos/vendor/file_contexts
deleted file mode 100644
index a5b7884..0000000
--- a/exynos/vendor/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# LiveDisplay HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@[0-9]\.[0-9]-service\.samsung-exynos    u:object_r:hal_lineage_livedisplay_exynos_exec:s0
diff --git a/exynos/vendor/hal_lineage_livedisplay_exynos.te b/exynos/vendor/hal_lineage_livedisplay_exynos.te
deleted file mode 100644
index eaa8413..0000000
--- a/exynos/vendor/hal_lineage_livedisplay_exynos.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_lineage_livedisplay_exynos, domain;
-hal_server_domain(hal_lineage_livedisplay_exynos, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_exynos_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_exynos)
-
-# Allow LiveDisplay HAL's default implementation to use vendor-binder service
-vndbinder_use(hal_lineage_livedisplay_exynos)
-
-# Allow LiveDisplay to store files under /data/vendor/display and access them
-allow hal_lineage_livedisplay_exynos display_vendor_data_file:dir rw_dir_perms;
-allow hal_lineage_livedisplay_exynos display_vendor_data_file:file create_file_perms;
diff --git a/legacy-common/public/legacy-camera-hal1/mediaserver.te b/legacy-common/public/legacy-camera-hal1/mediaserver.te
deleted file mode 100644
index ffd5c57..0000000
--- a/legacy-common/public/legacy-camera-hal1/mediaserver.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Legacy camera HAL1
-add_service(mediaserver, cameraserver_service)
-add_hwservice(mediaserver, fwk_camera_hwservice)
-
-allow mediaserver { cameraproxy_service sensor_privacy_service }:service_manager find;
-allow mediaserver hal_camera_hwservice:hwservice_manager find;
-
-hal_client_domain(mediaserver, hal_lineage_camera_motor)
diff --git a/legacy-common/sepolicy.mk b/legacy-common/sepolicy.mk
deleted file mode 100644
index 5bdf759..0000000
--- a/legacy-common/sepolicy.mk
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# This policy configuration will be used by select legacy products that
-# inherit from Lineage
-#
-
-ifeq ($(TARGET_HAS_LEGACY_CAMERA_HAL1), true)
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
-    device/aicp/sepolicy/legacy-common/public/legacy-camera-hal1
-endif
diff --git a/qcom/dynamic/hal_lineage_livedisplay_qti.te b/qcom/dynamic/hal_lineage_livedisplay_qti.te
deleted file mode 100644
index 76c79ba..0000000
--- a/qcom/dynamic/hal_lineage_livedisplay_qti.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Do not use add_service() as hal_graphics_composer_default may be the provider as well
-allow hal_lineage_livedisplay_qti qdisplay_service:service_manager find;
-
-binder_call(hal_lineage_livedisplay_qti, hal_graphics_composer_default)
-
-# Allow LiveDisplay to access vendor display property
-get_prop(hal_lineage_livedisplay_qti, vendor_display_prop)
diff --git a/qcom/dynamic/hal_lineage_livedisplay_sysfs.te b/qcom/dynamic/hal_lineage_livedisplay_sysfs.te
deleted file mode 100644
index d2c1eae..0000000
--- a/qcom/dynamic/hal_lineage_livedisplay_sysfs.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allow LiveDisplay to access vendor display property
-get_prop(hal_lineage_livedisplay_sysfs, vendor_display_prop)
-
-r_dir_file(hal_lineage_livedisplay_sysfs, sysfs_graphics)
diff --git a/qcom/legacy-vendor/hal_lineage_livedisplay_qti.te b/qcom/legacy-vendor/hal_lineage_livedisplay_qti.te
deleted file mode 100644
index c54d52b..0000000
--- a/qcom/legacy-vendor/hal_lineage_livedisplay_qti.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(hal_lineage_livedisplay_qti, pps, mm-pp-daemon)
diff --git a/qcom/private/property_contexts b/qcom/private/property_contexts
deleted file mode 100644
index 021afb9..0000000
--- a/qcom/private/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# FM
-hw.fm.                                  u:object_r:exported3_system_prop:s0
diff --git a/qcom/sepolicy.mk b/qcom/sepolicy.mk
deleted file mode 100644
index 1f75685..0000000
--- a/qcom/sepolicy.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# This policy configuration will be used by all qcom products
-# that inherit from Lineage
-#
-
-ifeq ($(TARGET_COPY_OUT_VENDOR), vendor)
-ifeq ($(BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE),)
-TARGET_USES_PREBUILT_VENDOR_SEPOLICY ?= true
-endif
-endif
-
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/qcom/private
-
-ifeq ($(TARGET_USES_PREBUILT_VENDOR_SEPOLICY), true)
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
-    device/aicp/sepolicy/qcom/dynamic \
-    device/aicp/sepolicy/qcom/system
-else
-BOARD_VENDOR_SEPOLICY_DIRS += \
-    device/aicp/sepolicy/qcom/dynamic \
-    device/aicp/sepolicy/qcom/vendor
-endif
-
-ifneq ($(filter msm8226 msm8610 msm8974 msm8909 msm8916 msm8952 msm8992 msm8994,$(TARGET_BOARD_PLATFORM)),)
-BOARD_VENDOR_SEPOLICY_DIRS += \
-    device/aicp/sepolicy/qcom/legacy-vendor
-endif
-
-ifeq (,$(filter msm8226 msm8610 msm8974 msm8909 msm8916 msm8952 msm8992 msm8994 msm8937 msm8953 msm8996 msm8998 sdm660 sdm710 sdm845, $(TARGET_BOARD_PLATFORM)))
-BOARD_SEPOLICY_M4DEFS += \
-    qdisplay_service=vendor_qdisplay_service \
-    sysfs_graphics=vendor_sysfs_graphics \
-    hal_keymaster_qti_exec=vendor_hal_keymaster_qti_exec \
-    persist_block_device=vendor_persist_block_device \
-    display_vendor_data_file=vendor_display_vendor_data_file \
-    hal_perf_default=vendor_hal_perf_default \
-    sysfs_battery_supply=vendor_sysfs_battery_supply \
-    sysfs_usb_supply=vendor_sysfs_usb_supply
-endif
diff --git a/qcom/system/file_contexts b/qcom/system/file_contexts
deleted file mode 100644
index 9299944..0000000
--- a/qcom/system/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# LiveDisplay
-/system/bin/hw/lineage\.livedisplay@2\.0-service-sdm        u:object_r:hal_lineage_livedisplay_qti_exec:s0
diff --git a/qcom/system/hal_lineage_livedisplay_qti.te b/qcom/system/hal_lineage_livedisplay_qti.te
deleted file mode 100644
index 5100ae3..0000000
--- a/qcom/system/hal_lineage_livedisplay_qti.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_lineage_livedisplay_qti, coredomain, domain;
-hal_server_domain(hal_lineage_livedisplay_qti, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_qti_exec, exec_type, system_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_qti)
-
-type hal_display_color_hwservice, hwservice_manager_type;
-allow hal_lineage_livedisplay_qti hal_display_color_hwservice:hwservice_manager find;
-
-type hal_display_color_default, domain;
-binder_call(hal_lineage_livedisplay_qti, hal_display_color_default)
-binder_use(hal_lineage_livedisplay_qti)
diff --git a/qcom/vendor/file_contexts b/qcom/vendor/file_contexts
deleted file mode 100644
index 1db2091..0000000
--- a/qcom/vendor/file_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-# CryptfsHW HAL
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.cryptfshw@1\.0-service-qti\.qsee   u:object_r:hal_keymaster_qti_exec:s0
-
-# LiveDisplay HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-legacymm u:object_r:hal_lineage_livedisplay_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sdm      u:object_r:hal_lineage_livedisplay_qti_exec:s0
-
-# Power
-/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service-qti               u:object_r:hal_power_default_exec:s0
diff --git a/qcom/vendor/fsck.te b/qcom/vendor/fsck.te
deleted file mode 100644
index 1500b5f..0000000
--- a/qcom/vendor/fsck.te
+++ /dev/null
@@ -1 +0,0 @@
-allow fsck persist_block_device:blk_file rw_file_perms;
diff --git a/qcom/vendor/hal_lineage_livedisplay_qti.te b/qcom/vendor/hal_lineage_livedisplay_qti.te
deleted file mode 100644
index 83cfd26..0000000
--- a/qcom/vendor/hal_lineage_livedisplay_qti.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_lineage_livedisplay_qti, domain;
-hal_server_domain(hal_lineage_livedisplay_qti, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_qti)
-
-# Allow LiveDisplay HAL's default implementation to use vendor-binder service
-vndbinder_use(hal_lineage_livedisplay_qti)
-
-# Allow LiveDisplay to store files under /data/vendor/display and access them
-allow hal_lineage_livedisplay_qti display_vendor_data_file:dir rw_dir_perms;
-allow hal_lineage_livedisplay_qti display_vendor_data_file:file create_file_perms;
diff --git a/qcom/vendor/hal_perf_default.te b/qcom/vendor/hal_perf_default.te
deleted file mode 100644
index b517884..0000000
--- a/qcom/vendor/hal_perf_default.te
+++ /dev/null
@@ -1 +0,0 @@
-r_dir_file(hal_perf_default, hal_power_default)
diff --git a/qcom/vendor/hal_power_default.te b/qcom/vendor/hal_power_default.te
deleted file mode 100644
index 0a5dbfb..0000000
--- a/qcom/vendor/hal_power_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_power_default input_device:dir search;
-allow hal_power_default input_device:chr_file rw_file_perms;
diff --git a/qcom/vendor/untrusted_app_all.te b/qcom/vendor/untrusted_app_all.te
deleted file mode 100644
index b7e6532..0000000
--- a/qcom/vendor/untrusted_app_all.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# allow apps to read battery status
-r_dir_file(untrusted_app_all, sysfs_battery_supply)
-r_dir_file(untrusted_app_all, sysfs_usb_supply)
author	Julian Veit <claymore1298@gmail.com>	2020-11-30 08:05:29 +0100
committer	dragonGR <alex@dragongr.dev>	2020-12-06 21:29:15 +0200
commit	cd5dde6dd27dc691c02440ce5b33057389834125 (patch)
tree	4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent	3f194aa4123cd872a5cfa7716a7f57f9593a1630 (diff)