From e2876a3d11bb172c2baa9ace9d79f999a0a8954e Mon Sep 17 00:00:00 2001
From: Xiao Ma <xiaom@google.com>
Date: Mon, 18 Mar 2019 12:17:48 +0900
Subject: [PATCH] revert ipmemorystore selinux policy.

Since ipmemorystore service has been moved to network stack from
system service, also should revert the relevant sepolicy which is
corresponding to the previous configuration.

Bug: 128392280
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I1ae09696e620b246f817db71e7b71c32aae9be05
---
 private/app.te                      | 3 ---
 private/compat/26.0/26.0.ignore.cil | 1 -
 private/compat/27.0/27.0.ignore.cil | 1 -
 private/compat/28.0/28.0.ignore.cil | 1 -
 private/service_contexts            | 1 -
 private/system_app.te               | 1 -
 public/service.te                   | 1 -
 public/traceur_app.te               | 1 -
 8 files changed, 10 deletions(-)

diff --git a/private/app.te b/private/app.te
index 1ef415a25..0d9a2b46f 100644
--- a/private/app.te
+++ b/private/app.te
@@ -15,6 +15,3 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain -crash_dump -rs }:process { transition };
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain }:process { dyntransition };
-
-# Disallow apps from using IP memory store
-neverallow { appdomain -shell } ipmemorystore_service:service_manager *;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 94f3a9d8d..13da8ec0b 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -103,7 +103,6 @@
     iorapd_exec
     iorapd_service
     iorapd_tmpfs
-    ipmemorystore_service
     kmsg_debug_device
     last_boot_reason_prop
     llkd
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 5c04fcdb5..074a75f05 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -94,7 +94,6 @@
     iorapd_exec
     iorapd_service
     iorapd_tmpfs
-    ipmemorystore_service
     last_boot_reason_prop
     llkd
     llkd_exec
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index f4e2cd49b..eea3dd551 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -76,7 +76,6 @@
     heapprofd_prop
     heapprofd_socket
     idmap_service
-    ipmemorystore_service
     iris_service
     iris_vendor_data_file
     llkd
diff --git a/private/service_contexts b/private/service_contexts
index de5697213..e21ba4fd7 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -90,7 +90,6 @@ iphonesubinfo2                            u:object_r:radio_service:s0
 iphonesubinfo                             u:object_r:radio_service:s0
 ims                                       u:object_r:radio_service:s0
 imms                                      u:object_r:imms_service:s0
-ipmemorystore                             u:object_r:ipmemorystore_service:s0
 ipsec                                     u:object_r:ipsec_service:s0
 ircs                                      u:object_r:radio_service:s0
 iris                                      u:object_r:iris_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 05831a302..d71ef72e8 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -79,7 +79,6 @@ allow system_app {
   -dumpstate_service
   -installd_service
   -iorapd_service
-  -ipmemorystore_service
   -lpdump_service
   -netd_service
   -system_suspend_control_service
diff --git a/public/service.te b/public/service.te
index a6385b8df..649dfa7f2 100644
--- a/public/service.te
+++ b/public/service.te
@@ -106,7 +106,6 @@ type hdmi_control_service, system_api_service, system_server_service, service_ma
 type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type ipmemorystore_service, system_server_service, service_manager_type;
 type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type iris_service, app_api_service, system_server_service, service_manager_type;
 type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/traceur_app.te b/public/traceur_app.te
index 4dea89077..b6debfb4e 100644
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@@ -12,7 +12,6 @@ allow traceur_app {
   -gatekeeper_service
   -incident_service
   -installd_service
-  -ipmemorystore_service
   -iorapd_service
   -lpdump_service
   -netd_service