From 7cd698341ffe2e58570a2448b033d3e78d3b5250 Mon Sep 17 00:00:00 2001
From: Ricardo Cerqueira
Date: Wed, 10 Dec 2014 17:17:18 +0000
Subject: [PATCH] Revert "SELinux: su: update policies"
This reverts commit 04fd9192b05ae2655560a444711fe8859430f439.
Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
---
 sepolicy/su.te | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/sepolicy/su.te b/sepolicy/su.te
index 6b4b6314..76e4176a 100644
--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@@ -46,9 +46,8 @@ userdebug_or_eng(`
 userdebug_or_eng(`
 typealias shell alias suclient;
- # Translate user and platform apps to the shell domain when using su
+ # Translate user apps to the shell domain when using su
 domain_auto_trans(untrusted_app, su_exec, suclient)
- domain_auto_trans(platform_app, su_exec, suclient)
 allow suclient sudaemon:unix_stream_socket { connectto read write setopt ioctl };
@@ -59,16 +58,4 @@ userdebug_or_eng(`
 allow system_app superuser_device:sock_file { read write create setattr unlink getattr };
 allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
 allow system_app superuser_device:dir { create rw_dir_perms setattr unlink };
-
- ## From external/sepolicy/domain.te adjusted from sudaemon
- # Same as adbd rules above, except allow su to do the same thing
- allow domain sudaemon:unix_stream_socket connectto;
- allow domain sudaemon:fd use;
- allow domain sudaemon:unix_stream_socket { getattr getopt read write shutdown };
- binder_call(domain, sudaemon)
- # Running something like "pm dump com.android.bluetooth" requires
- # fifo writes
- allow domain sudaemon:fifo_file { write getattr };
- # allow "gdbserver --attach" to work for su.
- allow domain sudaemon:process sigchld;
 ')
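Review bot: The comment restored in the first hunk, `# Translate user apps to the shell domain when using su`, does not say that `suclient` is only another name for `shell` (`typealias shell alias suclient;` two lines above it). As written, the surviving `domain_auto_trans(untrusted_app, su_exec, suclient)` puts an untrusted app's su client into the full shell domain rather than a dedicated client type. The `allow suclient sudaemon:unix_stream_socket { connectto read write setopt ioctl };` rule likewise applies to every process running as shell, not just su clients. I would make that explicit next to the transition, for example `# suclient is an alias of shell: su clients run with all shell permissions, and rules on suclient apply to shell too (userdebug/eng only)`, so a later reader does not mistake it for a confined domain. The enclosing userdebug_or_eng(` block opens in this hunk and closes at the end of the second one.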