sepolicy: Drop debug policies
Change-Id: I105c3f0b14ee1c062c4dc25d2b24ed382fb6f276
diff --git a/basic/debug/non_plat/aee_aedv.te b/basic/debug/non_plat/aee_aedv.te
deleted file mode 100644
index 1d5e873..0000000
--- a/basic/debug/non_plat/aee_aedv.te
+++ /dev/null
@@ -1,500 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/aee_aedv Executable File
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-type aee_aedv, domain;
-
-type aee_aedv_exec, exec_type, file_type, vendor_file_type;
-typeattribute aee_aedv mlstrustedsubject;
-
-init_daemon_domain(aee_aedv)
-
-# Date : WK14.32
-# Operation : AEE UT
-# Purpose : for AEE module
-allow aee_aedv aed_device:chr_file rw_file_perms;
-allow aee_aedv expdb_device:chr_file rw_file_perms;
-allow aee_aedv expdb_block_device:blk_file rw_file_perms;
-allow aee_aedv bootdevice_block_device:blk_file rw_file_perms;
-allow aee_aedv etb_device:chr_file rw_file_perms;
-
-# AED start: /dev/block/expdb
-allow aee_aedv block_device:dir search;
-
-# NE flow: /dev/RT_Monitor
-allow aee_aedv RT_Monitor_device:chr_file r_file_perms;
-
-#data/aee_exp
-allow aee_aedv aee_exp_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_exp_vendor_file:file create_file_perms;
-
-#data/dumpsys
-allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms;
-
-#/data/core
-allow aee_aedv aee_core_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_core_vendor_file:file create_file_perms;
-
-# /data/data_tmpfs_log
-allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms;
-allow aee_aedv vendor_tmpfs_log_file:file create_file_perms;
-
-allow aee_aedv domain:process { sigkill getattr getsched};
-
-#core-pattern
-allow aee_aedv usermodehelper:file r_file_perms;
-
-# Date: W15.34
-# Operation: Migration
-# Purpose: For pagemap & pageflags information in NE DB
-# /proc/pid/
-# pre-allocation
-allow aee_aedv self:capability {
- chown
- fowner
- fsetid
- kill
- linux_immutable
- net_admin
- sys_admin
- sys_nice
- sys_resource
- sys_module
-};
-
-# Purpose: aee_aedv set property
-set_prop(aee_aedv, vendor_mtk_persist_mtk_aeev_prop)
-set_prop(aee_aedv, vendor_mtk_persist_aeev_prop)
-set_prop(aee_aedv, vendor_mtk_debug_mtk_aeev_prop)
-set_prop(aee_aedv, vendor_mtk_aeev_dynamic_switch_prop)
-
-# Purpose: mnt/user/*
-allow aee_aedv mnt_user_file:dir search;
-allow aee_aedv mnt_user_file:lnk_file r_file_perms;
-
-allow aee_aedv storage_file:dir search;
-allow aee_aedv storage_file:lnk_file r_file_perms;
-
-userdebug_or_eng(`
- allow aee_aedv su:dir r_dir_perms;
- allow aee_aedv su:file r_file_perms;
-')
-
-# PROCESS_FILE_STATE
-allow aee_aedv dumpstate:unix_stream_socket { read write ioctl };
-allow aee_aedv dumpstate:dir search;
-allow aee_aedv dumpstate:file r_file_perms;
-
-allow aee_aedv logdr_socket:sock_file write;
-allow aee_aedv logd:unix_stream_socket connectto;
-
-# vibrator
-allow aee_aedv sysfs_vibrator:file w_file_perms;
-
-# /proc/lk_env
-allow aee_aedv proc_lk_env:file rw_file_perms;
-
-# Data : 2017/03/22
-# Operation : add NE flow rule for Android O
-# Purpose : make aee_aedv can get specific process NE info
-allow aee_aedv domain:dir r_dir_perms;
-allow aee_aedv domain:{ file lnk_file } r_file_perms;
-
-# Data : 2017/04/06
-# Operation : add selinux rule for crash_dump notify aee_aedv
-# Purpose : make aee_aedv can get notify from crash_dump
-allow aee_aedv crash_dump:dir search;
-allow aee_aedv crash_dump:file r_file_perms;
-
-# Date : 20170512
-# Operation : fix aee_archive can't execute issue
-# Purpose : type=1400 audit(0.0:97916): avc: denied { execute_no_trans } for
-# path="/system/vendor/bin/aee_archive" dev="mmcblk0p26" ino=2355
-# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:vendor_file:s0
-# tclass=file permissive=0
-allow aee_aedv vendor_file:file x_file_perms;
-
-# Purpose: debugfs files
-allow aee_aedv procfs_blockio:file r_file_perms;
-no_debugfs_restriction(`
- userdebug_or_eng(`
- allow aee_aedv debugfs_cam_dbg:file r_file_perms;
- allow aee_aedv debugfs_cam_exception:file r_file_perms;
- ')
-')
-
-# Purpose:
-# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497):
-# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
-# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# tracing_shell_writable:s0 tclass=file permissive=1
-allow aee_aedv debugfs_tracing:file rw_file_perms;
-
-# Purpose:
-# 01-01 00:05:17.720 3567 3567 W ps : type=1400 audit(0.0:5192): avc:
-# denied { getattr } for path="/proc/3421" dev="proc" ino=78975 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv platform_app:dir r_dir_perms;
-allow aee_aedv platform_app:file r_file_perms;
-
-# Purpose:
-# 01-01 00:05:17.750 3567 3567 W ps : type=1400 audit(0.0:5193): avc:
-# denied { getattr } for path="/proc/3461" dev="proc" ino=11013 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv untrusted_app_25:dir getattr;
-
-# Purpose:
-# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5179): avc:
-# denied { getattr } for path="/proc/2712" dev="proc" ino=65757 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv untrusted_app:dir getattr;
-
-# Purpose:
-# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5180): avc:
-# denied { getattr } for path="/proc/2747" dev="proc" ino=66659 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv priv_app:dir getattr;
-
-# Purpose:
-# 01-01 00:05:16.270 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5153):
-# avc: denied { open } for path="/proc/interrupts" dev="proc" ino=4026533608
-# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file
-# permissive=0
-allow aee_aedv proc_interrupts:file r_file_perms;
-
-# Purpose:
-# 01-01 00:05:17.840 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5200):
-# avc: denied { search } for name="leds" dev="sysfs" ino=6217 scontext=u:r:
-# aee_aedv:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=0
-allow aee_aedv sysfs_leds:dir search;
-allow aee_aedv sysfs_leds:file r_file_perms;
-
-# Purpose:
-# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5592): avc: denied
-# { search } for name="ccci" dev="sysfs" ino=6026 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
-# sysfs_ccci:s0 tclass=dir permissive=1
-# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5593): avc: denied { read }
-# for name="md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:sysfs_ccci:s0
-# tclass=file permissive=1
-# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5594): avc: denied { open }
-# for path="/sys/kernel/ccci/md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:
-# object_r:sysfs_ccci:s0 tclass=file permissive=1
-allow aee_aedv sysfs_ccci:dir search;
-allow aee_aedv sysfs_ccci:file r_file_perms;
-
-# Purpose:
-# 01-01 00:03:44.330 3658 3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied
-# { execute_no_trans } for path="/vendor/bin/toybox_vendor" dev="mmcblk0p26" ino=250 scontext=u:r:
-# aee_aedv:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
-allow aee_aedv vendor_toolbox_exec:file rx_file_perms;
-
-# Purpose:
-# 01-01 00:12:06.320000 4145 4145 W dmesg : type=1400 audit(0.0:826): avc: denied { open } for
-# path="/dev/kmsg" dev="tmpfs" ino=10875 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:kmsg_device:
-# s0 tclass=chr_file permissive=0
-# 01-01 00:42:33.070000 4171 4171 W dmesg : type=1400 audit(0.0:1343): avc: denied
-# { syslog_read } for scontext=u:r:aee_aedv:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
-allow aee_aedv kmsg_device:chr_file r_file_perms;
-allow aee_aedv kernel:system syslog_read;
-
-# Purpose:
-# 01-01 00:12:37.890000 4162 4162 W aee_dumpstatev: type=1400 audit(0.0:914): avc: denied
-# { read } for name="meminfo" dev="proc" ino=4026533612 scontext=u:r:aee_aedv:s0 tcontext=u:
-# object_r:proc_meminfo:s0 tclass=file permissive=0
-allow aee_aedv proc_meminfo:file r_file_perms;
-
-# Purpose:
-# 01-01 00:08:39.900000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:371): avc: denied
-# { open } for path="/proc/3833/net/route" dev="proc" ino=4026533632 scontext=u:r:aee_aedv:s0
-# tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
-allow aee_aedv proc_net:file r_file_perms;
-
-# Purpose:
-# 01-01 00:08:39.880000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:370): avc: denied
-# { open } for path="/proc/zoneinfo" dev="proc" ino=4026533663 scontext=u:r:aee_aedv:s0 tcontext=
-# u:object_r:proc_zoneinfo:s0 tclass=file permissive=0
-allow aee_aedv proc_zoneinfo:file r_file_perms;
-
-# Purpose:
-# 01-01 00:33:27.750000 338 338 W aee_aedv: type=1400 audit(0.0:98): avc: denied { read }
-# for name="fstab.mt6755" dev="rootfs" ino=1082 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
-# rootfs:s0 tclass=file permissive=0
-allow aee_aedv rootfs:file r_file_perms;
-
-# Purpose:
-# [ 241.001976] <1>.(1)[209:logd.auditd]type=1400 audit(1262304586.172:515): avc: denied { read }
-# for pid=1978 comm="aee_aedv64" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aedv:s0
-# tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
-allow aee_aedv sysfs_mrdump:file rw_file_perms;
-allow aee_aedv sysfs_memory:file r_file_perms;
-
-# Purpose: Allow aee_aedv access to vendor/bin/mtkcam-debug, which in turn invokes ICameraProvider
-# - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956
-# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
-# - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED)
-hal_client_domain(aee_aedv, hal_camera)
-allow aee_aedv hal_camera_hwservice:hwservice_manager { find };
-binder_call(aee_aedv, mtk_hal_camera)
-
-# Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status
-allow aee_aedv selinuxfs:file r_file_perms;
-
-# Purpose: mrdump db flow and pre-allocation
-# mrdump db flow
-allow aee_aedv sysfs_dt_firmware_android:dir search;
-allow aee_aedv sysfs_dt_firmware_android:file r_file_perms;
-allow aee_aedv kernel:system module_request;
-allow aee_aedv metadata_file:dir search;
-
-allow aee_aedv userdata_block_device:blk_file rw_file_perms;
-allow aee_aedv para_block_device:blk_file rw_file_perms;
-allow aee_aedv mrdump_device:blk_file rw_file_perms;
-allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl {
- FS_IOC_GETFLAGS
- FS_IOC_SETFLAGS
- F2FS_IOC_GET_PIN_FILE
- F2FS_IOC_SET_PIN_FILE
- FS_IOC_FIEMAP
-};
-
-# Purpose: allow vendor aee read lowmemorykiller logs
-# file path: /sys/module/lowmemorykiller/parameters/
-allow aee_aedv sysfs_lowmemorykiller:dir search;
-allow aee_aedv sysfs_lowmemorykiller:file r_file_perms;
-
-# Purpose: Allow aee read /sys/class/misc/scp/scp_dump
-allow aee_aedv sysfs_scp:dir r_dir_perms;
-allow aee_aedv sysfs_scp:file r_file_perms;
-
-# Purpose: Allow aee read /sys/class/misc/adsp/adsp_dump
-allow aee_aedv sysfs_adsp:dir r_dir_perms;
-allow aee_aedv sysfs_adsp:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/buddyinfo
-allow aee_aedv proc_buddyinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/cmdline
-allow aee_aedv proc_cmdline:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/bootconfig
-allow aee_aedv proc_bootconfig:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/slabinfo
-allow aee_aedv proc_slabinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/stat
-allow aee_aedv proc_stat:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/version
-allow aee_aedv proc_version:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/vmallocinfo
-allow aee_aedv proc_vmallocinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/vmstat
-allow aee_aedv proc_vmstat:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/cpu/alignment
-allow aee_aedv proc_cpu_alignment:file w_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/gpulog
-allow aee_aedv proc_gpulog:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/chip/hw_ver
-allow aee_aedv proc_chip:file r_file_perms;
-allow aee_aedv proc_chip:dir r_dir_perms;
-
-# Purpose: Allow aee_aedv to read /proc/sched_debug
-allow aee_aedv proc_sched_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/atf_log
-allow aee_aedv proc_atf_log:dir r_dir_perms;
-allow aee_aedv proc_atf_log:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/last_kmsg
-allow aee_aedv proc_last_kmsg:file r_file_perms;
-
-# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable
-allow aee_aedv sysfs_vibrator_setting:dir search;
-allow aee_aedv sysfs_vibrator_setting:file w_file_perms;
-allow aee_aedv sysfs_vibrator:dir search;
-
-# Purpose: Allow aee_aedv to read /proc/ufs_debug
-allow aee_aedv proc_ufs_debug:file rw_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/msdc_debug
-allow aee_aedv proc_msdc_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/pidmap
-allow aee_aedv proc_pidmap:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug
-allow aee_aedv sysfs_vcore_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
-allow aee_aedv sysfs_boot_mode:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
-userdebug_or_eng(`
-allow aee_aedv debugfs_tracing_debug:file { rw_file_perms };
-')
-
-#Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
-allow aee_aedv proc_slabtrace:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read /proc/mtk_cmdq_debug/status
-allow aee_aedv proc_cmdq_debug:file r_file_perms;
-
-#data/dipdebug
-allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms;
-allow aee_aedv aee_dipdebug_vendor_file:file r_file_perms;
-allow aee_aedv proc_isp_p2:dir r_dir_perms;
-allow aee_aedv proc_isp_p2:file r_file_perms;
-
-allow aee_aedv connsyslog_data_vendor_file:file r_file_perms;
-allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms;
-
-# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
-allow aee_aedv vendor_file_type:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump
-allow aee_aedv proc_isp_p2_kedump:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo
-allow aee_aedv proc_dbg_repo:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/pl_lk
-allow aee_aedv proc_pl_lk:file r_file_perms;
-
-allow aee_aedv proc_aed_reboot_reason:file r_file_perms;
-
-# Purpose: Allow aee_aedv to write /proc/sys/vm/drop_caches
-allow aee_aedv proc_drop_caches:file rw_file_perms;
-
-allow aee_aedv proc_wmt_aee:file r_file_perms;
-
-allow aee_aedv proc_aed:file rw_file_perms;
-allow aee_aedv proc_aed:dir r_dir_perms;
-allow aee_aedv proc_ppm:dir r_dir_perms;
-
-allow aee_aedv dpm_block_device:blk_file r_file_perms;
-allow aee_aedv sspm_block_device:blk_file r_file_perms;
-allow aee_aedv boot_para_block_device:blk_file rw_file_perms;
-
-allow aee_aedv proc_modules:file r_file_perms;
-
-set_prop(aee_aedv, powerctl_prop)
-
-
-allow aee_aedv proc_ccci_dump:file r_file_perms;
-allow aee_aedv proc_log_much:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/kernel/tracing/instances/mmstat/trace
-allow aee_aedv debugfs_tracing_instances:dir r_dir_perms;
-allow aee_aedv debugfs_tracing_instances:file r_file_perms;
-
-allow aee_aedv binderfs_logs:dir r_dir_perms;
-allow aee_aedv binderfs_logs:file r_file_perms;
-
-allow aee_aedv proc_ion:dir r_dir_perms;
-allow aee_aedv proc_ion:file r_file_perms;
-allow aee_aedv proc_m4u_dbg:dir r_dir_perms;
-allow aee_aedv proc_m4u_dbg:file r_file_perms;
-allow aee_aedv proc_mtkfb:file r_file_perms;
-
-allow aee_aedv proc_dmaheap:dir r_dir_perms;
-allow aee_aedv proc_dmaheap:file r_file_perms;
-
-allow aee_aedv proc_iommu_debug:dir r_dir_perms;
-allow aee_aedv proc_iommu_debug:file r_file_perms;
-
-allow aee_aedv sysfs_dvfsrc_dbg:dir r_dir_perms;
-allow aee_aedv sysfs_dvfsrc_dbg:file r_file_perms;
-
-allow aee_aedv sysfs_systracker:dir r_dir_perms;
-allow aee_aedv sysfs_systracker:file r_file_perms;
-
-allow aee_aedv sysfs_aee_enable:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read /data/vendor/gpu_dump
-allow aee_aedv gpu_dump_vendor_file:dir r_dir_perms;
-allow aee_aedv gpu_dump_vendor_file:file r_file_perms;
-
-# Date : 2020/12/14
-# Purpose: allow aee_aedv to read /sys/kernel/mm/mlog/dump
-allow aee_aedv sysfs_mm:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read /sys/bus/scsi/devices/0:0:0:0/vpd_pg80
-allow aee_aedv sysfs_vpd:dir r_dir_perms;
-allow aee_aedv sysfs_vpd:file r_file_perms;
-
-# Date: 2021/05/21
-# Purpose: allow aee_aedv to read /sys/kernel/notes
-allow aee_aedv sysfs_kernel_notes:file r_file_perms;
-
-# Date: 2021/08/09
-# Purpose: Add apusys debug info into db
-allow aee_aedv proc_apusys_rv_coredump_debug:file r_file_perms;
-allow aee_aedv proc_apusys_rv_xfile_debug:file r_file_perms;
-allow aee_aedv proc_apusys_rv_regdump_debug:file r_file_perms;
-allow aee_aedv proc_apusys_logger_seq_log_debug:file r_file_perms;
-
-# Date: 2021/08/10
-# Purpose: Add apusys mdw debug info into db
-allow aee_aedv proc_aputag_mdw_debug:file r_file_perms;
-
-no_debugfs_restriction(`
- userdebug_or_eng(`
- allow aee_aedv debugfs_blockio:file r_file_perms;
- allow aee_aedv debugfs_fb:dir search;
- allow aee_aedv debugfs_fb:file r_file_perms;
- allow aee_aedv debugfs_fuseio:dir search;
- allow aee_aedv debugfs_fuseio:file r_file_perms;
- allow aee_aedv debugfs_rcu:dir search;
- allow aee_aedv debugfs_shrinker_debug:file r_file_perms;
- allow aee_aedv debugfs_dmlog_debug:file r_file_perms;
- allow aee_aedv debugfs_page_owner_slim_debug:file r_file_perms;
- allow aee_aedv debugfs_ion_mm_heap:dir search;
- allow aee_aedv debugfs_ion_mm_heap:file r_file_perms;
- allow aee_aedv debugfs_ion_mm_heap:lnk_file r_file_perms;
- allow aee_aedv debugfs_cpuhvfs:dir search;
- allow aee_aedv debugfs_cpuhvfs:file r_file_perms;
- allow aee_aedv debugfs_emi_mbw_buf:file r_file_perms;
-
- # Purpose:
- # 01-01 00:33:28.340000 338 338 W aee_aedv: type=1400 audit(0.0:104): avc: denied { search }
- # for name="dynamic_debug" dev="debugfs" ino=8182 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
- # debugfs_dynamic_debug:s0 tclass=dir permissive=0
- allow aee_aedv debugfs_dynamic_debug:dir search;
- allow aee_aedv debugfs_dynamic_debug:file r_file_perms;
-
- # Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log
- allow aee_aedv debugfs_rcu:file r_file_perms;
-
- # Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon
- allow aee_aedv debugfs_smi_mon:file r_file_perms;
-
- allow aee_aedv debugfs_cmdq:file r_file_perms;
- allow aee_aedv debugfs_mml:file r_file_perms;
- allow aee_aedv debugfs_wakeup_sources:file r_file_perms;
- ')
-')
-
-allow aee_aedv sysfs_cache_status:file r_file_perms;
-
-allow aee_aedv sysfs_emiisu:file r_file_perms;
-
-allow aee_aedv mnt_vendor_file:dir search;
-allow aee_aedv nvdata_file:dir r_dir_perms;
-allow aee_aedv nvdata_file:file r_file_perms;
-allow aee_aedv protect_f_data_file:dir r_dir_perms;
-allow aee_aedv protect_f_data_file:file r_file_perms;
-allow aee_aedv protect_s_data_file:dir r_dir_perms;
-allow aee_aedv protect_s_data_file:file r_file_perms;
-allow aee_aedv proc_vpu_memory:file r_file_perms;
-
-allow aee_aedv proc_lockdep:file r_file_perms;
diff --git a/basic/debug/non_plat/aee_core_forwarder.te b/basic/debug/non_plat/aee_core_forwarder.te
deleted file mode 100644
index 03123c2..0000000
--- a/basic/debug/non_plat/aee_core_forwarder.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/aee_core_forwarder Executable File
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-allow aee_core_forwarder aee_exp_data_file:dir rw_dir_perms;
-allow aee_core_forwarder aee_exp_data_file:file create_file_perms;
-
-# Date: 2019/06/14
-# Operation : Migration
-# Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder
-wakelock_use(aee_core_forwarder)
-allow aee_core_forwarder crash_dump:unix_stream_socket connectto;
-allow aee_core_forwarder aee_core_data_file:dir r_dir_perms;
-allow aee_core_forwarder crash_dump:lnk_file r_file_perms;
-allow aee_core_forwarder crash_dump:process {getattr};
-allow aee_core_forwarder sysfs_aee_enable:file r_file_perms;
diff --git a/basic/debug/non_plat/aee_hal.te b/basic/debug/non_plat/aee_hal.te
deleted file mode 100644
index 9a722b9..0000000
--- a/basic/debug/non_plat/aee_hal.te
+++ /dev/null
@@ -1,25 +0,0 @@
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type aee_hal,domain;
-type aee_hal_exec, exec_type, file_type, vendor_file_type;
-typeattribute aee_hal mlstrustedsubject;
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-init_daemon_domain(aee_hal)
-
-hal_server_domain(aee_hal, hal_mtk_aee)
-
-allow aee_hal aee_exp_vendor_file:dir w_dir_perms;
-allow aee_hal aee_exp_vendor_file:file create_file_perms;
-allow aee_hal aee_exp_data_file:file { read write };
-
-set_prop(aee_hal, vendor_mtk_persist_mtk_aeev_prop)
-set_prop(aee_hal, vendor_mtk_persist_aeev_prop)
-set_prop(aee_hal, vendor_mtk_debug_mtk_aeev_prop)
-
-binder_call(aee_hal, system_app);
diff --git a/basic/debug/non_plat/atcid.te b/basic/debug/non_plat/atcid.te
deleted file mode 100755
index c5dc484..0000000
--- a/basic/debug/non_plat/atcid.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Date : WK21.33
-# Purpose: Add policy to support get modem status
-
-allow atcid ccci_device:chr_file rw_file_perms_no_map;
-allow atcid self:unix_stream_socket ioctl;
-allowxperm atcid self:unix_stream_socket ioctl unpriv_tty_ioctls;
\ No newline at end of file
diff --git a/basic/debug/non_plat/audioserver.te b/basic/debug/non_plat/audioserver.te
deleted file mode 100644
index a31e4c2..0000000
--- a/basic/debug/non_plat/audioserver.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Date : WK16.48
-# Purpose: Allow to trigger AEE dump
-allow audioserver crash_dump:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/ccci_mdinit.te b/basic/debug/non_plat/ccci_mdinit.te
deleted file mode 100644
index 4c800a8..0000000
--- a/basic/debug/non_plat/ccci_mdinit.te
+++ /dev/null
@@ -1 +0,0 @@
-get_prop(ccci_mdinit, system_mtk_init_svc_aee_aedv_prop)
diff --git a/basic/debug/non_plat/connsyslogger.te b/basic/debug/non_plat/connsyslogger.te
deleted file mode 100644
index 293834f..0000000
--- a/basic/debug/non_plat/connsyslogger.te
+++ /dev/null
@@ -1,75 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/connsyslogger Executable File
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-#for logging sdcard access
-allow connsyslogger fuse:dir create_dir_perms;
-allow connsyslogger fuse:file create_file_perms;
-
-#consys logger access on /data/consyslog
-allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto };
-allow connsyslogger consyslog_data_file:fifo_file create_file_perms;
-allow connsyslogger consyslog_data_file:file create_file_perms;
-
-allow connsyslogger tmpfs:lnk_file create_file_perms;
-
-# purpose: avc: denied { read } for name="plat_file_contexts"
-allow connsyslogger file_contexts_file:file r_file_perms;
-
-#logger SD logging in factory mode
-allow connsyslogger vfat:dir create_dir_perms;
-allow connsyslogger vfat:file create_file_perms;
-
-#logger permission in storage in android M version
-allow connsyslogger mnt_user_file:dir search;
-allow connsyslogger mnt_user_file:lnk_file r_file_perms;
-allow connsyslogger storage_file:lnk_file r_file_perms;
-
-#permission for use SELinux API
-allow connsyslogger rootfs:file r_file_perms;
-
-#permission for storage access storage
-allow connsyslogger storage_file:dir create_dir_perms;
-allow connsyslogger storage_file:file create_file_perms;
-
-#permission for read boot mode
-allow connsyslogger sysfs_boot_mode:file r_file_perms;
-
-allow connsyslogger fw_log_wifi_device:chr_file rw_file_perms;
-allow connsyslogger fw_log_bt_device:chr_file rw_file_perms;
-allow connsyslogger fw_log_gps_device:chr_file rw_file_perms;
-allow connsyslogger fw_log_wmt_device:chr_file rw_file_perms;
-allow connsyslogger fw_log_ics_device:chr_file rw_file_perms;
-allow connsyslogger fw_log_wifimcu_device:chr_file rw_file_perms_no_map;
-allow connsyslogger fw_log_btmcu_device:chr_file rw_file_perms_no_map;
-
-allow connsyslogger sdcardfs:dir create_dir_perms;
-allow connsyslogger sdcardfs:file create_file_perms;
-allow connsyslogger rootfs:lnk_file getattr;
-
-allow connsyslogger media_rw_data_file:file create_file_perms;
-allow connsyslogger media_rw_data_file:dir create_dir_perms;
-
-#permission to get driver ready status
-get_prop(connsyslogger, vendor_mtk_wmt_prop)
-
-#Date:2019/03/25
-# purpose: allow connsyslogger to access persist.meta.connecttype
-get_prop(connsyslogger, vendor_mtk_meta_connecttype_prop)
-
-
-#Date:2019/03/25
-# purpose: allow emdlogger to create socket
-allow connsyslogger port:tcp_socket { name_connect name_bind };
-allow connsyslogger connsyslogger:tcp_socket create_stream_socket_perms;
-allow connsyslogger node:tcp_socket node_bind;
-
-#Date:2019/03/25
-# usb device ttyGSx for modem logger usb logging
-allow connsyslogger ttyGS_device:chr_file rw_file_perms;
-
-# Add permission to access new bootmode file
-allow connsyslogger sysfs_boot_info:file r_file_perms;
diff --git a/basic/debug/non_plat/crash_dump.te b/basic/debug/non_plat/crash_dump.te
deleted file mode 100644
index 572b2b4..0000000
--- a/basic/debug/non_plat/crash_dump.te
+++ /dev/null
@@ -1,27 +0,0 @@
-#data/aee_exp
-allow crash_dump aee_exp_data_file:dir { create_dir_perms relabelto };
-allow crash_dump aee_exp_data_file:file create_file_perms;
-
-hal_client_domain(crash_dump, hal_mtk_aee)
-
-allow crash_dump aed_device:chr_file rw_file_perms;
-
-# Date : 2020/12/14
-# Purpose: allow aee_aed to read /sys/kernel/mm/mlog/dump
-allow crash_dump sysfs_mm:file r_file_perms;
-
-# Purpose: Allow crash_dump to write /proc/aed/generate-kernel-notify
-allow crash_dump proc_aed:dir r_dir_perms;
-allow crash_dump proc_aed:file rw_file_perms;
-
-no_debugfs_restriction(`
- userdebug_or_eng(`
- allow crash_dump debugfs_blockio:file r_file_perms;
- allow crash_dump debugfs_ion_mm_heap:dir search;
- allow crash_dump debugfs_ion_mm_heap:file r_file_perms;
- allow crash_dump debugfs_ion_mm_heap:lnk_file r_file_perms;
- allow crash_dump debugfs_dmlog_debug:file r_file_perms;
- ')
-')
-
-allow crash_dump sysfs_aee_enable:file r_file_perms;
diff --git a/basic/debug/non_plat/device.te b/basic/debug/non_plat/device.te
deleted file mode 100644
index 69aea3a..0000000
--- a/basic/debug/non_plat/device.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type aed_device, dev_type;
-
-# Date:2021/07/27
-# Purpose: permission for emdlogger
-type ccci_mdl_device, dev_type;
-
diff --git a/basic/debug/non_plat/domain.te b/basic/debug/non_plat/domain.te
deleted file mode 100644
index 4bc29e6..0000000
--- a/basic/debug/non_plat/domain.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# Date:20170630
-# Purpose: allow trusted process to connect aee daemon
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto;
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_exp_vendor_file:file w_file_perms;
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:fd use;
diff --git a/basic/debug/non_plat/dumpstate.te b/basic/debug/non_plat/dumpstate.te
deleted file mode 100644
index d784dbc..0000000
--- a/basic/debug/non_plat/dumpstate.te
+++ /dev/null
@@ -1,126 +0,0 @@
-# Purpose: data/aee_exp/*
-allow dumpstate aee_exp_data_file:dir rw_dir_perms;
-allow dumpstate aee_exp_data_file:file create_file_perms;
-
-# Data : 2017/03/22
-# Operation : add fd use selinux rule
-# Purpose : type=1400 audit(0.0:81356): avc: denied { use } for path="/system/bin/linker"
-# dev="mmcblk0p26" ino=250 scontext=u:r:dumpstate:s0
-# tcontext=u:r:crash_dump:s0 tclass=fd permissive=0
-allow dumpstate crash_dump:fd use;
-allow dumpstate crash_dump:unix_stream_socket { rw_socket_perms connectto };
-
-# Purpose: access dev/aed0
-allow dumpstate aed_device:chr_file r_file_perms;
-allow dumpstate vcp_device:chr_file r_file_perms_no_map;
-
-# Purpose: 01-01 08:30:57.260 3070 3070 W aee_dumpstate: type=1400 audit(0.0:13196): avc: denied
-# { read } for name="SF_dump" dev="dm-0" ino=352257 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# sf_bqdump_data_file:s0 tclass=dir permissive=0
-allow dumpstate sf_bqdump_data_file:dir r_dir_perms;
-allow dumpstate sf_bqdump_data_file:file r_file_perms;
-
-# Purpose:
-# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497):
-# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
-# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# tracing_shell_writable:s0 tclass=file permissive=1
-allow dumpstate debugfs_tracing:file rw_file_perms;
-
-# Purpose: Allow aee_dumpstate to invoke "lshal debug <interface>", where <interface> is "ICameraProvider".
-allow dumpstate mtk_hal_camera:binder call;
-
-# Purpose: Allow aee_dumpstate to read /proc/slabinfo
-allow dumpstate proc_slabinfo:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/zraminfo
-allow dumpstate proc_zraminfo:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/gpulog
-allow dumpstate proc_gpulog:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/sched_debug
-allow dumpstate proc_sched_debug:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/chip/hw_ver
-allow dumpstate proc_chip:file r_file_perms;
-allow dumpstate proc_chip:dir r_dir_perms;
-
-# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
-allow dumpstate sysfs_vibrator_setting:file w_file_perms;
-
-# Date : 2020/12/14
-# Purpose: allow aee_dumpstate to read /sys/kernel/mm/mlog/dump
-allow dumpstate sysfs_mm:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /sys/bus/scsi/devices/0:0:0:0/vpd_pg80
-allow dumpstate sysfs_vpd:dir r_dir_perms;
-allow dumpstate sysfs_vpd:file r_file_perms;
-
-#Purpose: Alloc dumpstate to read /proc/dma_heap/
-allow dumpstate proc_dmaheap:dir r_dir_perms;
-allow dumpstate proc_dmaheap:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/iommu_debug/
-allow dumpstate proc_iommu_debug:dir r_dir_perms;
-allow dumpstate proc_iommu_debug:file r_file_perms;
-
-#Date: 2020/07/23
-#Purpose: Allow dumpstate to read /sys/kernel/notes
-allow dumpstate sysfs_kernel_notes:file r_file_perms;
-
-no_debugfs_restriction(`
- userdebug_or_eng(`
- allow dumpstate debugfs_blockio:file r_file_perms;
- allow dumpstate debugfs_fb:dir search;
- allow dumpstate debugfs_fb:file r_file_perms;
- allow dumpstate debugfs_fuseio:dir search;
- allow dumpstate debugfs_fuseio:file r_file_perms;
- allow dumpstate debugfs_rcu:dir search;
- allow dumpstate debugfs_shrinker_debug:file r_file_perms;
- allow dumpstate debugfs_dmlog_debug:file r_file_perms;
- allow dumpstate debugfs_page_owner_slim_debug:file r_file_perms;
- allow dumpstate debugfs_ion_mm_heap:dir search;
- allow dumpstate debugfs_ion_mm_heap:file r_file_perms;
- allow dumpstate debugfs_ion_mm_heap:lnk_file r_file_perms;
- allow dumpstate debugfs_cpuhvfs:dir search;
- allow dumpstate debugfs_cpuhvfs:file r_file_perms;
-
- # Purpose: Allow dumpstate to read /sys/kernel/debug/rcu/rcu_callback_log
- allow dumpstate debugfs_rcu:file r_file_perms;
-
- # Date: 19/07/15
- # Purpose: Allow dumpstate to read /sys/kernel/debug/kmemleak
- allow dumpstate debugfs_kmemleak:file r_file_perms;
-
- #Purpose: Allow dumpstate to read /sys/kernel/debug/smi_mon
- allow dumpstate debugfs_smi_mon:file r_file_perms;
-
- allow dumpstate debugfs_cmdq:file r_file_perms;
- allow dumpstate debugfs_mml:file r_file_perms;
- allow dumpstate debugfs_wakeup_sources:file r_file_perms;
- ')
-')
-
-#Date: 2021/08/24
-#Purpose: debugfs files
-no_debugfs_restriction(`
- userdebug_or_eng(`
- allow dumpstate debugfs_cam_dbg:file r_file_perms;
- allow dumpstate debugfs_cam_exception:file r_file_perms;
- ')
-')
-
-allow dumpstate sysfs_dvfsrc_dbg:dir r_dir_perms;
-allow dumpstate sysfs_dvfsrc_dbg:file r_file_perms;
-#Purpose: Allow dumpstate to read /proc/apusys_rv/apusys_rv_xfile and /proc/apusys_logger/seq_log
-allow dumpstate proc_apusys_rv_xfile_debug:file r_file_perms;
-allow dumpstate proc_apusys_logger_seq_log_debug:file r_file_perms;
-allow dumpstate sysfs_emiisu:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/vpu/vpu_memory
-allow dumpstate proc_vpu_memory:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/mtk_mali/gpu_memory
-allow dumpstate proc_gpu_memory:file r_file_perms;
-
diff --git a/basic/debug/non_plat/emdlogger.te b/basic/debug/non_plat/emdlogger.te
deleted file mode 100644
index e466fee..0000000
--- a/basic/debug/non_plat/emdlogger.te
+++ /dev/null
@@ -1,124 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# ccci device for internal modem
-allow emdlogger ccci_mdl_device:chr_file rw_file_perms;
-allow emdlogger ccci_ccb_device:chr_file rw_file_perms;
-#add for read /dev/ccci_md1_sta
-allow emdlogger ccci_device:chr_file rw_file_perms;
-
-# eemcs device for external modem
-allow emdlogger eemcs_device:chr_file rw_file_perms;
-
-# C2K project SDIO device for external modem ttySDIO2 control port, ttySDIO8 log port
-allow emdlogger ttySDIO_device:chr_file rw_file_perms;
-
-# C2K project modem device for external modem vmodem start/stop/ioctl modem
-allow emdlogger vmodem_device:chr_file rw_file_perms;
-
-# usb device ttyGSx for modem logger usb logging
-allow emdlogger ttyGS_device:chr_file rw_file_perms;
-
-# for modem logging sdcard access
-allow emdlogger sdcard_type:dir create_dir_perms;
-allow emdlogger sdcard_type:file create_file_perms;
-
-# modem logger access on /data/mdlog
-allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
-allow emdlogger mdlog_data_file:fifo_file create_file_perms;
-allow emdlogger mdlog_data_file:file create_file_perms;
-
-# modem logger control port access /dev/ttyC1
-allow emdlogger mdlog_device:chr_file rw_file_perms;
-
-# modem logger SD logging in factory mode
-allow emdlogger vfat:dir create_dir_perms;
-allow emdlogger vfat:file create_file_perms;
-
-# modem logger permission in storage in android M version
-allow emdlogger mnt_user_file:dir search;
-allow emdlogger mnt_user_file:lnk_file r_file_perms;
-allow emdlogger storage_file:lnk_file r_file_perms;
-
-# permission for storage link access in vzw Project
-allow emdlogger mnt_media_rw_file:dir search;
-
-# permission for use SELinux API
-# avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
-allow emdlogger rootfs:file r_file_perms;
-
-# permission for storage access storage
-allow emdlogger storage_file:dir create_dir_perms;
-allow emdlogger tmpfs:lnk_file r_file_perms;
-allow emdlogger storage_file:file create_file_perms;
-
-# permission for read boot mode
-# avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
-allow emdlogger sysfs_boot_mode:file r_file_perms;
-
-# Allow read to sys/kernel/ccci/* files
-allow emdlogger sysfs_ccci:dir search;
-allow emdlogger sysfs_ccci:file r_file_perms;
-
-allow emdlogger sysfs_mdinfo:file r_file_perms;
-allow emdlogger sysfs_mdinfo:dir search;
-
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
-# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow emdlogger system_file:dir r_dir_perms;
-
-# purpose: allow emdlogger to access storage in N version
-allow emdlogger media_rw_data_file:file create_file_perms;
-allow emdlogger media_rw_data_file:dir create_dir_perms;
-
-# For dynamic CCB buffer feature
-# avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192
-# scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0
-# avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0
-# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
-allow emdlogger para_block_device:blk_file rw_file_perms;
-allow emdlogger proc_lk_env:file rw_file_perms;
-
-allow emdlogger block_device:dir search;
-allow emdlogger md_block_device:blk_file r_file_perms;
-allow emdlogger self:capability chown;
-
-# purpose: allow emdlogger to access persist.meta.connecttype
-get_prop(emdlogger, vendor_mtk_meta_connecttype_prop)
-
-# purpose: allow emdlogger to create socket
-allow emdlogger port:tcp_socket { name_connect name_bind };
-allow emdlogger emdlogger:tcp_socket {create_stream_socket_perms};
-allow emdlogger node:tcp_socket node_bind;
-allow emdlogger fwmarkd_socket:sock_file {write};
-allow emdlogger netd:unix_stream_socket {connectto};
-allow emdlogger self:tcp_socket {ioctl};
-
-
-# Android P migration
-get_prop(emdlogger, vendor_mtk_usb_prop)
-
-# Date : WK19.12
-# Operation: add permission to catch logs
-# Purpose : get kernel and radio logs when modem exception
-allow emdlogger kernel:system syslog_read;
-allow emdlogger logcat_exec:file rx_file_perms;
-allow emdlogger logdr_socket:sock_file w_file_perms;
-
-# Add permission to access new bootmode file
-allow emdlogger sysfs_boot_info:file r_file_perms;
-
-# avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0
-# tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
-# security issue control
-allow emdlogger crash_dump:unix_stream_socket connectto;
-# Allow ReadDefaultFstab().
-read_fstab(emdlogger)
-
-# Date : 2021/07/06
-# Purpose: add permission to access devie tree to get ccb gear info
-allow emdlogger sysfs_soc_ccb_gear:file r_file_perms;
-allow emdlogger sysfs_ccb_gear:file r_file_perms;
-
-get_prop(emdlogger, vendor_mtk_atm_ipaddr_prop)
\ No newline at end of file
diff --git a/basic/debug/non_plat/file.te b/basic/debug/non_plat/file.te
deleted file mode 100644
index f746ee6..0000000
--- a/basic/debug/non_plat/file.te
+++ /dev/null
@@ -1,86 +0,0 @@
-# AEE exp
-type aee_exp_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
-type aee_exp_vendor_file, file_type, data_file_type;
-
-# Date : 2019/08/29
-# Purpose: Allow rild access proc/aed/reboot-reason
-type proc_aed_reboot_reason, fs_type, proc_type;
-
-# Date : 2021/06/24
-# Operation: S development
-# Purpose: Add permission for access /proc/iommu_debug
-type proc_iommu_debug, fs_type, proc_type;
-
-type proc_aed, fs_type, proc_type;
-
-type sysfs_soc_ccb_gear, sysfs_type, fs_type;
-type sysfs_ccb_gear, sysfs_type, fs_type;
-
-# Date : 2021/08/09
-# Purpose: Add apusys debug info into db
-type proc_apusys_rv_coredump_debug, fs_type, proc_type;
-type proc_apusys_rv_xfile_debug, fs_type, proc_type;
-type proc_apusys_rv_regdump_debug, fs_type, proc_type;
-type proc_apusys_logger_seq_log_debug, fs_type, proc_type;
-
-# Date : 2021/08/10
-# Purpose: Add apusys MDW debug info into db
-type proc_aputag_mdw_debug, fs_type, proc_type;
-
-# Date : 2021/10/13
-type proc_mtmon, fs_type, proc_type;
-
-# Date : 2022/01/19
-# Purpose: Add lockdep debug info into db
-type proc_lockdep, fs_type, proc_type;
-
-# blockio procfs file
-type debugfs_blockio, fs_type, debugfs_type;
-
-# fuseio debugfs file
-type debugfs_fuseio, fs_type, debugfs_type;
-
-# cpuhvfs debugfs file
-type debugfs_cpuhvfs, fs_type, debugfs_type;
-
-# dynamic_debug debugfs file
-type debugfs_dynamic_debug, fs_type, debugfs_type;
-
-# shrinker debugfs file
-type debugfs_shrinker_debug, fs_type, debugfs_type;
-
-# dmlog debugfs file
-type debugfs_dmlog_debug, fs_type, debugfs_type;
-
-# page_owner_slim debugfs file
-type debugfs_page_owner_slim_debug, fs_type, debugfs_type;
-
-# rcu debugfs file
-type debugfs_rcu, fs_type, debugfs_type;
-
-# /sys/kernel/debug/ion/ion_mm_heap
-type debugfs_ion_mm_heap, fs_type, debugfs_type;
-
-# /sys/kernel/debug/emi_mbw/dump_buf
-type debugfs_emi_mbw_buf, fs_type, debugfs_type;
-
-# /sys/devices/platform/emiisu/emi_isu_buf
-type sysfs_emiisu, sysfs_type, fs_type;
-
-# /sys/kernel/debug/kmemleak
-type debugfs_kmemleak, fs_type, debugfs_type;
-
-# Date : 2019/08/15
-type debugfs_smi_mon, fs_type, debugfs_type;
-
-type debugfs_cmdq, fs_type, debugfs_type;
-type debugfs_mml, fs_type, debugfs_type;
-
-# Date : 2021/08/24
-# camsys debugfs file
-type debugfs_cam_dbg, fs_type, debugfs_type;
-type debugfs_cam_exception, fs_type, debugfs_type;
-
-#vpu proc file
-type proc_vpu_memory, fs_type, proc_type;
-
diff --git a/basic/debug/non_plat/file_contexts b/basic/debug/non_plat/file_contexts
deleted file mode 100644
index ecdd3da..0000000
--- a/basic/debug/non_plat/file_contexts
+++ /dev/null
@@ -1,37 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-##########################
-# Data files
-#
-/data/connsyslog(/.*)? u:object_r:consyslog_data_file:s0
-##########################
-# Devices
-#
-/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0
-##########################
-# Vendor files
-#
-/vendor/bin/loghidlvendorservice u:object_r:loghidlvendorservice_exec:s0
-
-/data/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0
-/data/vendor/aee_exp(/.*)? u:object_r:aee_exp_vendor_file:s0
-
-/(vendor|system/vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
-/(vendor|system/vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0
-/(vendor|system/vendor)/bin/aee_aedv64_v2 u:object_r:aee_aedv_exec:s0
-
-/vendor/bin/hw/vendor\.mediatek\.hardware\.aee@1\.0-service u:object_r:aee_hal_exec:s0
-/vendor/bin/hw/vendor\.mediatek\.hardware\.aee@1\.1-service u:object_r:aee_hal_exec:s0
-
-/dev/aed[0-9]+ u:object_r:aed_device:s0
-
-# Date:2021/07/27
-# Purpose: permission for emdlogger
-/dev/ccci_md_log_ctrl u:object_r:ccci_mdl_device:s0
-/dev/ccci_ccb_dhl u:object_r:ccci_mdl_device:s0
-/dev/ccci_raw_dhl u:object_r:ccci_mdl_device:s0
-# Purpose: permission for mdlogger
-/dev/ccci_md_log_tx u:object_r:ccci_mdl_device:s0
-/dev/ccci_md_log_rx u:object_r:ccci_mdl_device:s0
diff --git a/basic/debug/non_plat/genfs_contexts b/basic/debug/non_plat/genfs_contexts
deleted file mode 100644
index c824343..0000000
--- a/basic/debug/non_plat/genfs_contexts
+++ /dev/null
@@ -1,72 +0,0 @@
-genfscon proc /aed u:object_r:proc_aed:s0
-# Date : 2019/08/29
-# Purpose: allow rild to access /proc/aed/reboot-reason
-genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
-
-# 2021/06/24
-# Purpose: add iommu debug info into db
-genfscon proc /iommu_debug u:object_r:proc_iommu_debug:s0
-
-# Date : 2021/07/06
-# Purpose: allow emdlogger to access /proc/device-tree/soc/mddriver
-genfscon sysfs /firmware/devicetree/base/soc/mddriver/md1_ccb_gear_list u:object_r:sysfs_soc_ccb_gear:s0
-genfscon sysfs /firmware/devicetree/base/soc/mddriver/md1_ccb_cap_gear u:object_r:sysfs_soc_ccb_gear:s0
-
-# Date : 2021/07/06
-# Purpose: allow emdlogger to access /proc/device-tree/mddriver
-genfscon sysfs /firmware/devicetree/base/mddriver/md1_ccb_cap_gear u:object_r:sysfs_ccb_gear:s0
-genfscon sysfs /firmware/devicetree/base/mddriver/md1_ccb_gear_list u:object_r:sysfs_ccb_gear:s0
-
-# Date : 2021/08/09
-# Purpose: add apusys debug info into db
-genfscon proc /apusys_rv/apusys_rv_coredump u:object_r:proc_apusys_rv_coredump_debug:s0
-genfscon proc /apusys_rv/apusys_rv_xfile u:object_r:proc_apusys_rv_xfile_debug:s0
-genfscon proc /apusys_rv/apusys_regdump u:object_r:proc_apusys_rv_regdump_debug:s0
-genfscon proc /apusys_logger/seq_log u:object_r:proc_apusys_logger_seq_log_debug:s0
-
-# Date : 2021/08/10
-# Purpose: add apusys MDW debug info into db
-genfscon proc /aputag/mdw u:object_r:proc_aputag_mdw_debug:s0
-
-# Date : 2021/10/13
-# Purpose: allow vendor_init to access /proc/mtmon
-genfscon proc /mtmon u:object_r:proc_mtmon:s0
-
-# Date : 2022/01/19
-# Purpose: add lockdep debug info into db
-genfscon proc /lockdep u:object_r:proc_lockdep:s0
-genfscon proc /lockdep_chains u:object_r:proc_lockdep:s0
-genfscon proc /lockdep_stats u:object_r:proc_lockdep:s0
-
-genfscon debugfs /blockio u:object_r:debugfs_blockio:s0
-genfscon debugfs /cpuhvfs u:object_r:debugfs_cpuhvfs:s0
-genfscon debugfs /dmlog u:object_r:debugfs_dmlog_debug:s0
-genfscon debugfs /dynamic_debug u:object_r:debugfs_dynamic_debug:s0
-genfscon debugfs /emi_mbw/dump_buf u:object_r:debugfs_emi_mbw_buf:s0
-genfscon debugfs /fuseio u:object_r:debugfs_fuseio:s0
-genfscon debugfs /ion/client_history u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /ion/heaps u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /ion/ion_mm_heap u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /kmemleak u:object_r:debugfs_kmemleak:s0
-genfscon debugfs /page_owner_slim u:object_r:debugfs_page_owner_slim_debug:s0
-genfscon debugfs /rcu u:object_r:debugfs_rcu:s0
-genfscon debugfs /shrinker u:object_r:debugfs_shrinker_debug:s0
-# 2019/08/15
-genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0
-
-genfscon debugfs /cmdq/cmdq-status u:object_r:debugfs_cmdq:s0
-genfscon debugfs /cmdq/cmdq-record u:object_r:debugfs_cmdq:s0
-
-genfscon debugfs /mml/mml-record u:object_r:debugfs_mml:s0
-genfscon debugfs /mml/mml-frame-dump-in u:object_r:debugfs_mml:s0
-
-# Date: 2021/08/24
-# allow aee to get camsys dump
-genfscon debugfs /mtk_cam_dbg_dump u:object_r:debugfs_cam_dbg:s0
-genfscon debugfs /mtk_cam_exp_dump u:object_r:debugfs_cam_exception:s0
-
-genfscon sysfs /devices/platform/emiisu/emi_isu_buf u:object_r:sysfs_emiisu:s0
-genfscon sysfs /devices/platform/soc/soc:emiisu/emi_isu_buf u:object_r:sysfs_emiisu:s0
-
-genfscon proc /vpu/vpu_memory u:object_r:proc_vpu_memory:s0
-
diff --git a/basic/debug/non_plat/hal_mtk_aee.te b/basic/debug/non_plat/hal_mtk_aee.te
deleted file mode 100644
index d930915..0000000
--- a/basic/debug/non_plat/hal_mtk_aee.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-hal_attribute_hwservice(hal_mtk_aee, mtk_hal_aee_hwservice)
-
-binder_call(hal_mtk_aee_client, hal_mtk_aee_server)
-binder_call(hal_mtk_aee_server, hal_mtk_aee_client)
-allow hal_mtk_aee_server aee_exp_vendor_file:dir {r_dir_perms rmdir};
-allow hal_mtk_aee_server aee_exp_vendor_file:file r_file_perms;
diff --git a/basic/debug/non_plat/hal_mtk_log.te b/basic/debug/non_plat/hal_mtk_log.te
deleted file mode 100644
index 0a6205e..0000000
--- a/basic/debug/non_plat/hal_mtk_log.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-hal_attribute_hwservice(hal_mtk_log, mtk_hal_log_hwservice)
-
-binder_call(hal_mtk_log_client, hal_mtk_log_server)
-binder_call(hal_mtk_log_server, hal_mtk_log_client)
diff --git a/basic/debug/non_plat/hwservice.te b/basic/debug/non_plat/hwservice.te
deleted file mode 100644
index aafc6b8..0000000
--- a/basic/debug/non_plat/hwservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type mtk_hal_aee_hwservice, hwservice_manager_type;
diff --git a/basic/debug/non_plat/hwservice_contexts b/basic/debug/non_plat/hwservice_contexts
deleted file mode 100644
index 1d8e9c2..0000000
--- a/basic/debug/non_plat/hwservice_contexts
+++ /dev/null
@@ -1 +0,0 @@
-vendor.mediatek.hardware.aee::IAee u:object_r:mtk_hal_aee_hwservice:s0
diff --git a/basic/debug/non_plat/loghidlsysservice.te b/basic/debug/non_plat/loghidlsysservice.te
deleted file mode 100644
index e191118..0000000
--- a/basic/debug/non_plat/loghidlsysservice.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/loghidlsysservice Executable File
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Purpose : for create hidl server
-hal_client_domain(loghidlsysservice, hal_mtk_log)
-allow loghidlsysservice connsyslogger:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/loghidlvendorservice.te b/basic/debug/non_plat/loghidlvendorservice.te
deleted file mode 100644
index 859e410..0000000
--- a/basic/debug/non_plat/loghidlvendorservice.te
+++ /dev/null
@@ -1,30 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/loghidlvendorservice Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type loghidlvendorservice, domain;
-type loghidlvendorservice_exec, exec_type, file_type, vendor_file_type;
-typeattribute loghidlvendorservice mlstrustedsubject;
-
-init_daemon_domain(loghidlvendorservice)
-
-hal_server_domain(loghidlvendorservice, hal_mtk_log)
-allow loghidlvendorservice system_app:binder call;
-
-#============= r/w video log properties ==============
-set_prop(loghidlvendorservice, vendor_mtk_c2_log_prop)
-
-#============= r/w gpud properties ==============
-set_prop(loghidlvendorservice, vendor_mtk_gpu_prop)
-
-# allow loghidlvendorservice can access video node
-allow loghidlvendorservice video_device:chr_file rw_file_perms_no_map;
-
-#============= r/w display debug log properties ==============
-set_prop(loghidlvendorservice, vendor_mtk_hwc_debug_log_prop)
-set_prop(loghidlvendorservice, vendor_mtk_mdp_debug_log_prop)
-set_prop(loghidlvendorservice, vendor_mtk_em_dy_debug_ctrl_prop)
-set_prop(loghidlvendorservice, vendor_debug_logger_prop)
diff --git a/basic/debug/non_plat/mdlogger.te b/basic/debug/non_plat/mdlogger.te
deleted file mode 100644
index b307bb5..0000000
--- a/basic/debug/non_plat/mdlogger.te
+++ /dev/null
@@ -1,58 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# ccci device for internal modem
-allow mdlogger ccci_device:chr_file rw_file_perms;
-allow mdlogger ccci_mdl_device:chr_file rw_file_perms;
-
-# usb device ttyGSx for modem logger usb logging
-allow mdlogger ttyGS_device:chr_file rw_file_perms;
-
-# modem logger access on /data/mdlog
-allow mdlogger mdlog_data_file:dir { create_dir_perms relabelto};
-allow mdlogger mdlog_data_file:fifo_file create_file_perms;
-allow mdlogger mdlog_data_file:file create_file_perms;
-
-# modem logger control port access /dev/ttyC1
-allow mdlogger mdlog_device:chr_file rw_file_perms;
-
-#modem logger SD logging in factory mode
-allow mdlogger vfat:dir create_dir_perms;
-allow mdlogger vfat:file create_file_perms;
-
-#mdlogger for read /sdcard
-allow mdlogger tmpfs:lnk_file r_file_perms;
-allow mdlogger storage_file:lnk_file rw_file_perms;
-allow mdlogger storage_file:dir create_dir_perms;
-allow mdlogger storage_file:file create_file_perms;
-allow mdlogger mnt_user_file:dir search;
-allow mdlogger mnt_user_file:lnk_file rw_file_perms;
-allow mdlogger sdcard_type:file create_file_perms;
-allow mdlogger sdcard_type:dir create_dir_perms;
-
-# Allow read to sys/kernel/ccci/* files
-allow mdlogger sysfs_ccci:dir search;
-allow mdlogger sysfs_ccci:file r_file_perms;
-
-# purpose: allow mdlogger to access storage in new version
-allow mdlogger media_rw_data_file:file create_file_perms;
-allow mdlogger media_rw_data_file:dir create_dir_perms;
-
-## purpose: avc: denied { read } for name="plat_file_contexts"
-allow emdlogger file_contexts_file:file r_file_perms;
-
-#permission for read boot mode
-#avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
-allow mdlogger sysfs_boot_mode:file r_file_perms;
-
-# avc: denied { open } for path="system/etc/mddb" dev="mmcblk0p21" scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow mdlogger system_file:dir r_dir_perms;
-
-# Add permission to access new bootmode file
-allow mdlogger sysfs_boot_info:file r_file_perms;
-
-#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:mdlogger:s0
-#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
-#security issue control
-allow mdlogger crash_dump:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/meta_tst.te b/basic/debug/non_plat/meta_tst.te
deleted file mode 100644
index 45a8bbb..0000000
--- a/basic/debug/non_plat/meta_tst.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/meta_tst Executable File
-
-# Date: W18.29
-# Operation: Catch log
-# Purpose : meta connect with loghidlserver by socket.
-allow meta_tst loghidlvendorservice:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/mobile_log_d.te b/basic/debug/non_plat/mobile_log_d.te
deleted file mode 100644
index 7c596f9..0000000
--- a/basic/debug/non_plat/mobile_log_d.te
+++ /dev/null
@@ -1,73 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# boot_mdoe file access
-allow mobile_log_d sysfs_boot_mode:file r_file_perms;
-
-#proc/ access
-allow mobile_log_d proc_kmsg:file r_file_perms;
-allow mobile_log_d proc_cmdline:file r_file_perms;
-allow mobile_log_d proc_atf_log:dir search;
-allow mobile_log_d proc_atf_log:file r_file_perms;
-allow mobile_log_d proc_gz_log:file r_file_perms;
-allow mobile_log_d proc_last_kmsg:file r_file_perms;
-allow mobile_log_d proc_bootprof:file r_file_perms;
-allow mobile_log_d proc_pl_lk:file r_file_perms;
-
-#apusys
-allow mobile_log_d proc_apusys_up_seq_logl:file r_file_perms;
-
-#scp
-allow mobile_log_d sysfs_scp:file w_file_perms;
-allow mobile_log_d sysfs_scp:dir search;
-allow mobile_log_d scp_device:chr_file r_file_perms;
-
-#vcp
-allow mobile_log_d sysfs_vcp:file w_file_perms;
-allow mobile_log_d sysfs_vcp:dir search;
-allow mobile_log_d vcp_device:chr_file r_file_perms_no_map;
-
-#adsp
-allow mobile_log_d sysfs_adsp:file w_file_perms;
-allow mobile_log_d sysfs_adsp:dir search;
-allow mobile_log_d adsp_device:chr_file r_file_perms;
-
-#sspm
-allow mobile_log_d sysfs_sspm:file w_file_perms;
-allow mobile_log_d sysfs_sspm:dir search;
-allow mobile_log_d sspm_device:chr_file r_file_perms;
-
-#data/misc/mblog
-allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms };
-allow mobile_log_d logmisc_data_file:file create_file_perms;
-
-#data/log_temp
-allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms };
-allow mobile_log_d logtemp_data_file:file create_file_perms;
-
-#data/data_tmpfs_log
-allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
-allow mobile_log_d data_tmpfs_log_file:file create_file_perms;
-
-# purpose: send log to com port
-allow mobile_log_d ttyGS_device:chr_file rw_file_perms;
-
-# purpose: allow mobile_log_d to access persist.meta.connecttype
-get_prop(mobile_log_d, vendor_mtk_meta_connecttype_prop)
-
-# purpose: allow mobile_log_d to create socket
-allow mobile_log_d port:tcp_socket { name_connect name_bind };
-allow mobile_log_d mobile_log_d:tcp_socket create_stream_socket_perms;
-allow mobile_log_d node:tcp_socket node_bind;
-
-# purpose: allow mobile_log_d to write dev/wmtWifi.
-allow mobile_log_d wmtWifi_device:chr_file rw_file_perms;
-
-# Date: 2016/11/11
-# purpose: allow MobileLog to access aee socket
-allow mobile_log_d crash_dump:unix_stream_socket connectto;
-
-# Date : WK21.31
-# Purpose: Add permission to access new bootmode file
-allow mobile_log_d sysfs_boot_info:file r_file_perms;
diff --git a/basic/debug/non_plat/modemdbfilter_service.te b/basic/debug/non_plat/modemdbfilter_service.te
deleted file mode 100644
index faa5ceb..0000000
--- a/basic/debug/non_plat/modemdbfilter_service.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/hw/modemdbfilter_service Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type modemdbfilter_service, domain;
-type modemdbfilter_service_exec, exec_type, file_type, vendor_file_type;
-typeattribute modemdbfilter_service mlstrustedsubject;
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-init_daemon_domain(modemdbfilter_service)
-
-#Purpose : for create hidl server
-hal_server_domain(modemdbfilter_service, hal_mtk_md_dbfilter)
diff --git a/basic/debug/non_plat/mtk_hal_camera.te b/basic/debug/non_plat/mtk_hal_camera.te
deleted file mode 100644
index 75663ff..0000000
--- a/basic/debug/non_plat/mtk_hal_camera.te
+++ /dev/null
@@ -1,26 +0,0 @@
-# callback to /vendor/bin/aee_aedv for aee debugging
-binder_call(mtk_hal_camera, aee_aedv)
-
-# -----------------------------------
-# Android O
-# Purpose: AEE Debugging
-# -----------------------------------
-# Purpose: Allow aee_dumpstate to invoke "lshal debug <interface>", where <interface> is "ICameraProvider".
-allow mtk_hal_camera dumpstate:binder { call };
-allow mtk_hal_camera dumpstate:unix_stream_socket { read write };
-allow mtk_hal_camera dumpstate:fd { use };
-allow mtk_hal_camera dumpstate:fifo_file w_file_perms;
-
-# Purpose: Allow camerahalserver to dump debug info to SYS_DEBUG_MTKCAM via aee_aedv.
-# avc: denied { write } for path="/data/vendor/mtklog/aee_exp/temp/db.9oRG8O/SYS_DEBUG_MTKCAM"
-# dev="dm-2" ino=1458278 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:aee_exp_vendor_file:s0
-# tclass=file permissive=0
-allow mtk_hal_camera aee_exp_vendor_file:dir w_dir_perms;
-allow mtk_hal_camera aee_exp_vendor_file:file create_file_perms;
-
-# Date : WK18.01
-# Operation : label aee_aed sockets
-# Purpose : Engineering mode need access for aee commmand
-userdebug_or_eng(`
-allow mtk_hal_camera aee_aedv:unix_stream_socket connectto;
-')
diff --git a/basic/debug/non_plat/mtkrild.te b/basic/debug/non_plat/mtkrild.te
deleted file mode 100644
index d84cb54..0000000
--- a/basic/debug/non_plat/mtkrild.te
+++ /dev/null
@@ -1,2 +0,0 @@
-#For Kryptowire mtklog issue
-allow mtkrild aee_aedv:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/netd.te b/basic/debug/non_plat/netd.te
deleted file mode 100644
index 0c5c6d6..0000000
--- a/basic/debug/non_plat/netd.te
+++ /dev/null
@@ -1,22 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : MDLogger USB logging
-# Owner : Bo shang
-allow netd mdlogger:fd use;
-allow netd mdlogger:tcp_socket rw_socket_perms_no_ioctl;
-
-# Date : WK14.41
-# Operation : Migration
-# Purpose : network logging
-# Owner : Bo shang
-allow netd netdiag:fd use;
-allow netd netdiag:udp_socket rw_socket_perms_no_ioctl;
-
-userdebug_or_eng(`
- allow netd mobile_log_d:fd use;
- allow netd mobile_log_d:tcp_socket rw_socket_perms_no_ioctl;
-')
diff --git a/basic/debug/non_plat/netdiag.te b/basic/debug/non_plat/netdiag.te
deleted file mode 100644
index a264e9c..0000000
--- a/basic/debug/non_plat/netdiag.te
+++ /dev/null
@@ -1,26 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Purpose : for access storage file
-allow netdiag sdcard_type:dir create_dir_perms;
-allow netdiag sdcard_type:file create_file_perms;
-allow netdiag net_data_file:file r_file_perms;
-allow netdiag net_data_file:dir search;
-allow netdiag storage_file:dir search;
-allow netdiag storage_file:lnk_file r_file_perms;
-allow netdiag mnt_user_file:dir search;
-allow netdiag mnt_user_file:lnk_file r_file_perms;
-allow netdiag platform_app:dir search;
-allow netdiag untrusted_app:dir search;
-allow netdiag mnt_media_rw_file:dir search;
-allow netdiag vfat:dir create_dir_perms;
-allow netdiag vfat:file create_file_perms;
-allow netdiag tmpfs:lnk_file r_file_perms;
-
-# purpose: allow netdiag to access storage in new version
-allow netdiag media_rw_data_file:file create_file_perms;
-allow netdiag media_rw_data_file:dir create_dir_perms;
-
-# purpose: read ip address
-allow netdiag self:netlink_route_socket nlmsg_readpriv;
\ No newline at end of file
diff --git a/basic/debug/non_plat/platform_app.te b/basic/debug/non_plat/platform_app.te
deleted file mode 100644
index 7830d69..0000000
--- a/basic/debug/non_plat/platform_app.te
+++ /dev/null
@@ -1,100 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Date : 2017/07/03
-# Operation : Migration
-# Purpose : get/set agps configuration via hal_mtk_lbs
-hal_client_domain(platform_app, hal_mtk_lbs)
-
-# Date : 2014/08/21
-# Operation : Migration
-# Purpose : FMRadio enable driver access permission for fmradio hardware device
-# Package: com.mediatek.fmradio
-allow platform_app fm_device:chr_file rw_file_perms;
-
-# Date : 2014/09/11
-# Operation : Migration
-# Purpose : MTKLogger need setup local socket with native daemon:mobile_logd,
-# netdialog,mdlogger,emdlogger,cmddumper
-# Package: com.mediatek.mtklogger
-allow platform_app mobile_log_d:unix_stream_socket connectto;
-allow platform_app mdlogger:unix_stream_socket connectto;
-allow platform_app emdlogger:unix_stream_socket connectto;
-allow platform_app cmddumper:unix_stream_socket connectto;
-allow platform_app connsyslogger:unix_stream_socket connectto;
-unix_socket_connect(platform_app, netdiag, netdiag)
-
-# Date: 2018/11/17
-# purpose: allow MTKLogger to control Bluetooth HCI log via socket
-allow platform_app bluetooth:unix_stream_socket connectto;
-
-# Date : 2014/10/17
-# Operation : Migration
-# Purpose :Make MTKLogger or VIASaber apk can Access TTYSDIO_device
-# Package: com.mediatek.mtklogger
-allow platform_app ttySDIO_device:chr_file rw_file_perms;
-
-# Date : 2014/10/17
-# Operation : Migration
-# Purpose :Make MTKLogger or VIASaber apk can Access storage
-# Package: com.mediatek.mtklogger
-allow platform_app sdcard_type:file create_file_perms;
-allow platform_app sdcard_type:dir create_dir_perms;
-
-# Date : 2014/11/12
-# Operation : Migration
-# Purpose : MTKLogger need copy exception db from data folder
-# Package: com.mediatek.mtklogger
-allow platform_app aee_exp_data_file:file r_file_perms;
-allow platform_app aee_exp_data_file:dir r_dir_perms;
-
-# Date : 2014/11/14
-# Operation : Migration
-# Purpose : MTKLogger need update md config file in data for mode changed
-# Package: com.mediatek.mtklogger
-allow platform_app mdlog_data_file:file rw_file_perms;
-allow platform_app mdlog_data_file:dir rw_dir_perms;
-
-# Date : WK17.46
-# Operation : Migration
-# Purpose : allow MTKLogger to read KE DB
-allow platform_app aee_dumpsys_data_file:file r_file_perms;
-
-# Date: 2018/03/23
-# Operation : Migration
-# Purpose : MTKLogger need connect to log hidl server
-# Package: com.mediatek.mtklogger
-hal_client_domain(platform_app, hal_mtk_log)
-
-# Date : 2020/09/15
-# Operation : Migration
-# Purpose : DebugLoggerUI need copy proc/ccci_sib to storage
-# Package: com.debug.loggerui
-allow platform_app proc_ccci_sib:file r_file_perms;
-
-# Date : 2021/03/05
-# Operation : Migration
-# Purpose : DebugLoggerUI need call wifi JNI set wifi level
-# Package: com.debug.loggerui
-allow platform_app self:udp_socket { create ioctl };
-allowxperm platform_app self:udp_socket ioctl {
- SIOCIWFIRSTPRIV_0B
- SIOCIWFIRSTPRIV_0F
- SIOCSIWMODE SIOCIWFIRSTPRIV_01
- SIOCIWFIRSTPRIV_09
- SIOCDEVPRIVATE_2
-};
-
-# Date : WK18.17
-# Operation : P Migration
-# Purpose: allow platform_app to read /data/vendor/mtklog/aee_exp
-allow platform_app aee_exp_vendor_file:dir r_dir_perms;
-allow platform_app aee_exp_vendor_file:file r_file_perms;
-
-# Date : 2021/06/01
-# Operation : Migration
-# Purpose : DebugLoggerUI need copy & delete /data/vendor/vcodec/ folder
-# Package: com.debug.loggerui
-allow platform_app vcodec_file:dir {rw_dir_perms rmdir};
-allow platform_app vcodec_file:file rw_file_perms;
diff --git a/basic/debug/non_plat/property.te b/basic/debug/non_plat/property.te
deleted file mode 100644
index 1d0fe4f..0000000
--- a/basic/debug/non_plat/property.te
+++ /dev/null
@@ -1,11 +0,0 @@
-vendor_restricted_prop(vendor_mtk_debug_mtk_aeev_prop)
-vendor_restricted_prop(vendor_mtk_persist_aeev_prop)
-vendor_restricted_prop(vendor_mtk_persist_mtk_aeev_prop)
-vendor_restricted_prop(vendor_mtk_ro_aee_prop)
-vendor_restricted_prop(vendor_mtk_aeev_dynamic_switch_prop)
-
-typeattribute vendor_mtk_debug_mtk_aeev_prop mtk_core_property_type;
-typeattribute vendor_mtk_persist_aeev_prop mtk_core_property_type;
-typeattribute vendor_mtk_persist_mtk_aeev_prop mtk_core_property_type;
-typeattribute vendor_mtk_ro_aee_prop mtk_core_property_type;
-typeattribute vendor_mtk_aeev_dynamic_switch_prop mtk_core_property_type;
diff --git a/basic/debug/non_plat/property_contexts b/basic/debug/non_plat/property_contexts
deleted file mode 100644
index 1d14cb1..0000000
--- a/basic/debug/non_plat/property_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-persist.vendor.mtk.aeev. u:object_r:vendor_mtk_persist_mtk_aeev_prop:s0
-persist.vendor.aeev. u:object_r:vendor_mtk_persist_aeev_prop:s0
-vendor.debug.mtk.aeev u:object_r:vendor_mtk_debug_mtk_aeev_prop:s0
-
-ro.vendor.aee.build.info u:object_r:vendor_mtk_ro_aee_prop:s0
-ro.vendor.aee.enforcing u:object_r:vendor_mtk_ro_aee_prop:s0
-ro.vendor.have_aee_feature u:object_r:vendor_mtk_ro_aee_prop:s0
-ro.vendor.aeev.dynamic.switch u:object_r:vendor_mtk_aeev_dynamic_switch_prop:s0
-ro.vendor.aee.convert64 u:object_r:vendor_mtk_ro_aee_prop:s0
diff --git a/basic/debug/non_plat/rild.te b/basic/debug/non_plat/rild.te
deleted file mode 100644
index a36b4b9..0000000
--- a/basic/debug/non_plat/rild.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Date : 2019/08/29
-# Purpose: Allow rild to access proc/aed/reboot-reason
-allow rild proc_aed_reboot_reason:file rw_file_perms;
diff --git a/basic/debug/non_plat/shell.te b/basic/debug/non_plat/shell.te
deleted file mode 100644
index 7b9fc75..0000000
--- a/basic/debug/non_plat/shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Date : WK16.46
-# Purpose : allow shell to switch aee mode
-allow shell crash_dump:unix_stream_socket connectto;
diff --git a/basic/debug/non_plat/system_app.te b/basic/debug/non_plat/system_app.te
deleted file mode 100644
index ed7f920..0000000
--- a/basic/debug/non_plat/system_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Date : 2017/11/07
-# Operation : Migration
-# Purpose : CAT need copy exception db file from data folder
-# Package: CAT tool
-allow system_app aee_exp_data_file:file r_file_perms;
-allow system_app aee_exp_data_file:dir r_dir_perms;
diff --git a/basic/debug/non_plat/system_server.te b/basic/debug/non_plat/system_server.te
deleted file mode 100644
index 694bb79..0000000
--- a/basic/debug/non_plat/system_server.te
+++ /dev/null
@@ -1,12 +0,0 @@
-allow system_server aee_exp_data_file:file w_file_perms;
-# Date:W17.22
-# Operation : add aee_aed socket rule
-# Purpose : type=1400 audit(0.0:134519): avc: denied { connectto }
-# for comm=4572726F722064756D703A20737973
-# path=00636F6D2E6D746B2E6165652E6165645F3634
-# scontext=u:r:system_server:s0 tcontext=u:r:crash_dump:s0
-# tclass=unix_stream_socket permissive=0
-allow system_server crash_dump:unix_stream_socket connectto;
-
-# Search /proc/proc_mtmon
-allow system_server proc_mtmon:dir search;
diff --git a/basic/debug/non_plat/vendor_init.te b/basic/debug/non_plat/vendor_init.te
deleted file mode 100644
index fe541d1..0000000
--- a/basic/debug/non_plat/vendor_init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-set_prop(vendor_init, system_mtk_persist_mtk_aee_prop)
-set_prop(vendor_init, vendor_mtk_ro_aee_prop)
-set_prop(vendor_init, vendor_mtk_persist_aeev_prop)
-
-allow vendor_init proc_mtmon:file w_file_perms;
diff --git a/basic/debug/non_plat/vendor_shell.te b/basic/debug/non_plat/vendor_shell.te
deleted file mode 100644
index c9a8ce7..0000000
--- a/basic/debug/non_plat/vendor_shell.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# =============================================
-# Purpose : allow vendor_shell to run aeev
-allow vendor_shell aee_aedv_exec:file x_file_perms;
diff --git a/basic/debug/plat_private/aee_core_forwarder.te b/basic/debug/plat_private/aee_core_forwarder.te
deleted file mode 100644
index 4674252..0000000
--- a/basic/debug/plat_private/aee_core_forwarder.te
+++ /dev/null
@@ -1,91 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/aee_core_forwarder Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type aee_core_forwarder_exec, system_file_type, exec_type, file_type;
-typeattribute aee_core_forwarder coredomain;
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-init_daemon_domain(aee_core_forwarder)
-
-#mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip
-allow aee_core_forwarder sdcard_type:dir create_dir_perms;
-allow aee_core_forwarder sdcard_type:file create_file_perms;
-allow aee_core_forwarder self:capability { fsetid setgid sys_nice sys_admin };
-
-#read STDIN_FILENO
-allow aee_core_forwarder kernel:fifo_file r_file_perms;
-
-#read /proc/<pid>/cmdline
-allow aee_core_forwarder domain:dir r_dir_perms;
-allow aee_core_forwarder domain:file r_file_perms;
-
-#get wake_lock to avoid system suspend when coredump is generating
-allow aee_core_forwarder sysfs_wake_lock:file rw_file_perms;
-
-# Date : 2015/07/11
-# Operation : Migration
-# Purpose : for mtk debug mechanism
-allow aee_core_forwarder self:capability2 block_suspend;
-
-# Date : 2015/07/21
-# Operation : Migration
-# Purpose : for generating core dump on sdcard
-allow aee_core_forwarder mnt_user_file:dir search;
-allow aee_core_forwarder mnt_user_file:lnk_file r_file_perms;
-allow aee_core_forwarder storage_file:dir search;
-allow aee_core_forwarder storage_file:lnk_file r_file_perms;
-
-# Date : 2016/03/05
-# Operation : selinux waring fix
-# Purpose : avc: denied { search } for pid=15909 comm="aee_core_forwar"
-# name="15493" dev="proc" ino=112310 scontext=u:r:aee_core_forwarder:s0
-# tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0
-dontaudit aee_core_forwarder untrusted_app:dir search;
-
-# Date : 2016/04/18
-# Operation : N0 Migration
-# Purpose : access for pipefs
-allow aee_core_forwarder kernel:fd use;
-
-# Purpose: search root dir "/"
-allow aee_core_forwarder tmpfs:dir search;
-
-# Purpose : read /selinux_version
-allow aee_core_forwarder rootfs:file r_file_perms;
-
-# Data : 2016/06/13
-# Operation : fix sys_ptrace selinux warning
-# Purpose : type=1400 audit(1420070409.080:177): avc: denied { sys_ptrace } for pid=3136
-# comm="aee_core_forwar" capability=19 scontext=u:r:aee_core_forwarder:s0
-# tcontext=u:r:aee_core_forwarder:s0 tclass=capability permissive=0
-dontaudit aee_core_forwarder self:capability sys_ptrace;
-
-# Data : 2016/06/24
-# Operation : fix media_rw_data_file access selinux warning
-# Purpose :
-# type=1400 audit(0.0:6511): avc: denied { search } for name="db.p08JgF"
-# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0
-# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
-# type=1400 audit(0.0:6512): avc: denied { write } for name="db.p08JgF"
-# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0
-# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1
-# type=1400 audit(0.0:6513): avc: denied { add_name } for name="CURRENT.dbg"
-# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0
-# tclass=dir permissive=1
-# type=1400 audit(0.0:6514): avc: denied { create } for name="CURRENT.dbg"
-# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0
-# tclass=file permissive=1
-# type=1400 audit(0.0:6515): avc: denied { write open } for
-# path="/data/media/0/mtklog/aee_exp/temp/db.p08JgF/CURRENT.dbg" dev="dm-0"
-# ino=540952 scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0
-# tclass=file permissive=1
-allow aee_core_forwarder media_rw_data_file:dir w_dir_perms;
-allow aee_core_forwarder media_rw_data_file:file create_file_perms;
-
-# Purpose : allow aee_core_forwarder to connect aee_aed socket
-allow aee_core_forwarder crash_dump:unix_stream_socket connectto;
diff --git a/basic/debug/plat_private/connsyslogger.te b/basic/debug/plat_private/connsyslogger.te
deleted file mode 100644
index 8070561..0000000
--- a/basic/debug/plat_private/connsyslogger.te
+++ /dev/null
@@ -1,15 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-typeattribute connsyslogger coredomain;
-typeattribute connsyslogger mlstrustedsubject;
-type connsyslogger_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(connsyslogger)
-
-set_prop(connsyslogger, system_mtk_connsysfw_prop)
-
-#Date:2019/06/27
-#access data/debuglog
-allow connsyslogger debuglog_data_file:dir {relabelto create_dir_perms};
-allow connsyslogger debuglog_data_file:file create_file_perms;
diff --git a/basic/debug/plat_private/crash_dump.te b/basic/debug/plat_private/crash_dump.te
deleted file mode 100644
index 24f57bb..0000000
--- a/basic/debug/plat_private/crash_dump.te
+++ /dev/null
@@ -1,29 +0,0 @@
-# Purpose: crash_dump set property
-set_prop(crash_dump, system_mtk_persist_mtk_aee_prop)
-set_prop(crash_dump, system_mtk_persist_aee_prop)
-set_prop(crash_dump, system_mtk_debug_mtk_aee_prop)
-get_prop(crash_dump, system_mtk_aee_basic_prop)
-
-# Date : WK17.09
-# Operation : AEE UT for Android O
-# Purpose : for AEE module to dump files
-domain_auto_trans(crash_dump, dumpstate_exec, dumpstate)
-
-# aee db dir and db files
-allow crash_dump sdcard_type:dir create_dir_perms;
-allow crash_dump sdcard_type:file create_file_perms;
-
-# system(cmd) aee_dumpstate aee_archive
-allow crash_dump shell_exec:file rx_file_perms;
-
-# Purpose: dump bugreport into NE DB
-allow crash_dump dumpstate_socket:sock_file w_file_perms;
-allow crash_dump dumpstate:unix_stream_socket connectto;
-set_prop(crash_dump, ctl_start_prop)
-
-# Purpose: Allow crash_dump to get mobile log prop
-get_prop(crash_dump, system_mtk_mobile_log_prop)
-
-# Purpose: Allow crash_dump to write /data/debuglogger/mobilelog
-allow crash_dump debuglog_data_file:dir create_dir_perms;
-allow crash_dump debuglog_data_file:file create_file_perms;
diff --git a/basic/debug/plat_private/dumpstate.te b/basic/debug/plat_private/dumpstate.te
deleted file mode 100644
index 236691c..0000000
--- a/basic/debug/plat_private/dumpstate.te
+++ /dev/null
@@ -1,18 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497):
-# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
-# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# tracing_shell_writable:s0 tclass=file permissive=1
-allow dumpstate debugfs_tracing:file rw_file_perms;
-
-# Purpose: aee_dumpstate set surfaceflinger property
-set_prop(dumpstate, system_mtk_debug_bq_dump_prop)
-
-# Date: W1826
-# Purpose : mobile_log_d exec 'logcat -L' via dumpstate
-allow dumpstate mobile_log_d:fd use;
-allow dumpstate mobile_log_d:fifo_file w_file_perms;
-allow dumpstate mobile_log_d:unix_stream_socket rw_socket_perms_no_ioctl;
diff --git a/basic/debug/plat_private/emdlogger.te b/basic/debug/plat_private/emdlogger.te
deleted file mode 100644
index 73203f8..0000000
--- a/basic/debug/plat_private/emdlogger.te
+++ /dev/null
@@ -1,87 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-type emdlogger_exec, system_file_type, exec_type, file_type;
-typeattribute emdlogger coredomain;
-typeattribute emdlogger mlstrustedsubject;
-
-init_daemon_domain(emdlogger)
-binder_use(emdlogger)
-binder_service(emdlogger)
-
-# for modem logging sdcard access
-allow emdlogger sdcard_type:dir create_dir_perms;
-allow emdlogger sdcard_type:file create_file_perms;
-
-# modem logger socket access
-allow emdlogger platform_app:unix_stream_socket connectto;
-allow emdlogger shell_exec:file rx_file_perms;
-allow emdlogger system_file:file x_file_perms;
-allow emdlogger zygote_exec:file rx_file_perms;
-
-#modem logger SD logging in factory mode
-allow emdlogger vfat:dir create_dir_perms;
-allow emdlogger vfat:file create_file_perms;
-
-#modem logger permission in storage in android M version
-allow emdlogger mnt_user_file:dir search;
-allow emdlogger mnt_user_file:lnk_file r_file_perms;
-allow emdlogger storage_file:lnk_file r_file_perms;
-
-#permission for storage link access in vzw Project
-allow emdlogger mnt_media_rw_file:dir search;
-
-
-#permission for use SELinux API
-#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
-allow emdlogger rootfs:file r_file_perms;
-
-#permission for storage access storage
-allow emdlogger storage_file:dir create_dir_perms;
-allow emdlogger tmpfs:lnk_file r_file_perms;
-allow emdlogger storage_file:file create_file_perms;
-
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
-# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow emdlogger system_file:dir r_dir_perms;
-
-# permission for android N policy
-allow emdlogger toolbox_exec:file rx_file_perms;
-
-# purpose: allow emdlogger to access storage in N version
-allow emdlogger media_rw_data_file:file create_file_perms;
-allow emdlogger media_rw_data_file:dir create_dir_perms;
-
-## Android P migration
-## purpose: denied { read } for name="cmdline" dev="proc"
-#denied { search } for name="android" dev="sysfs"
-#for name="compatible" dev="sysfs" ino=2985 scontext=u
-#:r:emdlogger:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0
-#avc: denied { open } for path="/system/etc/mddb"
-#avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
-allow emdlogger proc_cmdline:file r_file_perms;
-allow emdlogger sysfs_dt_firmware_android:dir r_dir_perms;
-allow emdlogger tmpfs:dir w_dir_perms;
-allow emdlogger sysfs_dt_firmware_android:file r_file_perms;
-set_prop(emdlogger, system_mtk_persist_mtklog_prop)
-set_prop(emdlogger, system_mtk_mdl_prop)
-set_prop(emdlogger, system_mtk_mdl_start_prop)
-set_prop(emdlogger, system_mtk_debug_mdlogger_prop)
-set_prop(emdlogger, system_mtk_persist_mdlog_prop)
-set_prop(emdlogger, system_mtk_mdl_pulllog_prop)
-set_prop(emdlogger, usb_prop)
-set_prop(emdlogger, debug_prop)
-set_prop(emdlogger, usb_control_prop)
-
-## Android Q migration
-## purpose: read modem db and filter folder and file
-allow emdlogger mddb_filter_data_file:dir r_dir_perms;
-allow emdlogger mddb_filter_data_file:file r_file_perms;
-
-# save log into /data/debuglogger
-allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
-allow emdlogger debuglog_data_file:file create_file_perms;
-
-# get persist.sys. proeprty
-get_prop(emdlogger, system_prop)
diff --git a/basic/debug/plat_private/file_contexts b/basic/debug/plat_private/file_contexts
deleted file mode 100644
index 28466fc..0000000
--- a/basic/debug/plat_private/file_contexts
+++ /dev/null
@@ -1,29 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-##########################
-# System files
-#
-/system/bin/mobile_log_d u:object_r:mobile_log_d_exec:s0
-/system/bin/modemdbfilter_client u:object_r:modemdbfilter_client_exec:s0
-/system/bin/netdiag u:object_r:netdiag_exec:s0
-/system/bin/loghidlsysservice u:object_r:loghidlsysservice_exec:s0
-/system/bin/connsyslogger u:object_r:connsyslogger_exec:s0
-
-##########################
-# SystemExt files
-#
-/(system_ext|system/system_ext)/bin/mdlogger u:object_r:mdlogger_exec:s0
-/(system_ext|system/system_ext)/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0
-
-/(system_ext|system/system_ext)/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0
-/(system_ext|system/system_ext)/bin/aeedb u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aee_aed u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aee_aed64 u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
-/(system_ext|system/system_ext)/bin/aee_aed64_v2 u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aee_core_forwarder_v2 u:object_r:aee_core_forwarder_exec:s0
-/(system_ext|system/system_ext)/bin/aee_v2 u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aeedb_v2 u:object_r:crash_dump_exec:s0
-/(system_ext|system/system_ext)/bin/aee_dumpstate_v2 u:object_r:dumpstate_exec:s0
diff --git a/basic/debug/plat_private/init.te b/basic/debug/plat_private/init.te
deleted file mode 100644
index 20fe316..0000000
--- a/basic/debug/plat_private/init.te
+++ /dev/null
@@ -1 +0,0 @@
-domain_trans(init, crash_dump_exec, shell)
diff --git a/basic/debug/plat_private/kernel.te b/basic/debug/plat_private/kernel.te
deleted file mode 100644
index cbe42f6..0000000
--- a/basic/debug/plat_private/kernel.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-domain_auto_trans(kernel, aee_core_forwarder_exec, aee_core_forwarder)
-
diff --git a/basic/debug/plat_private/loghidlsysservice.te b/basic/debug/plat_private/loghidlsysservice.te
deleted file mode 100644
index 84ee073..0000000
--- a/basic/debug/plat_private/loghidlsysservice.te
+++ /dev/null
@@ -1,16 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/loghidlsysservice Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type loghidlsysservice_exec, system_file_type, exec_type, file_type;
-typeattribute loghidlsysservice coredomain;
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-init_daemon_domain(loghidlsysservice)
-
-allow loghidlsysservice emdlogger:unix_stream_socket connectto;
-allow loghidlsysservice mobile_log_d:unix_stream_socket connectto;
diff --git a/basic/debug/plat_private/mdlogger.te b/basic/debug/plat_private/mdlogger.te
deleted file mode 100644
index 699cc7e..0000000
--- a/basic/debug/plat_private/mdlogger.te
+++ /dev/null
@@ -1,65 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-type mdlogger_exec , system_file_type, exec_type, file_type;
-typeattribute mdlogger coredomain;
-typeattribute mdlogger mlstrustedsubject;
-
-init_daemon_domain(mdlogger)
-
-binder_use(mdlogger)
-
-binder_service(mdlogger)
-
-# modem logger socket access
-allow mdlogger platform_app:unix_stream_socket connectto;
-allow mdlogger shell_exec:file rx_file_perms;
-allow mdlogger system_file:file x_file_perms;
-allow mdlogger zygote_exec:file r_file_perms;
-allow mdlogger node:tcp_socket node_bind;
-allow mdlogger port:tcp_socket name_bind;
-allow mdlogger self:tcp_socket create_stream_socket_perms;
-
-#modem logger SD logging in factory mode
-allow mdlogger vfat:dir create_dir_perms;
-allow mdlogger vfat:file create_file_perms;
-
-allow mdlogger tmpfs:lnk_file r_file_perms;
-allow mdlogger storage_file:lnk_file rw_file_perms;
-allow mdlogger mnt_user_file:dir search;
-allow mdlogger mnt_user_file:lnk_file rw_file_perms;
-allow mdlogger sdcard_type:file create_file_perms;
-allow mdlogger sdcard_type:dir create_dir_perms;
-
-# purpose: allow mdlogger to access storage in new version
-allow mdlogger media_rw_data_file:file create_file_perms;
-allow mdlogger media_rw_data_file:dir create_dir_perms;
-
-allow mdlogger storage_file:dir create_dir_perms;
-allow mdlogger storage_file:file create_file_perms;
-
-## purpose: avc: denied { read } for name="plat_file_contexts"
-allow mdlogger file_contexts_file:file r_file_perms;
-
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
-# scontext=u:r:mdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow mdlogger system_file:dir r_dir_perms;
-
-# Android P migration
-set_prop(mdlogger, system_mtk_mdl_prop)
-set_prop(mdlogger, system_mtk_persist_mdlog_prop)
-set_prop(mdlogger, system_mtk_persist_mtklog_prop)
-
-## Android Q migration
-## purpose: read modem db and filter folder and file
-allow mdlogger mddb_filter_data_file:dir r_dir_perms;
-allow mdlogger mddb_filter_data_file:file r_file_perms;
-
-## Save modem log into data
-allow mdlogger debuglog_data_file:dir {relabelto create_dir_perms};
-allow mdlogger debuglog_data_file:file create_file_perms;
-
-#allow mdlogger to set property
-set_prop(mdlogger, system_mtk_debug_mdlogger_prop)
-set_prop(mdlogger, debug_prop)
diff --git a/basic/debug/plat_private/mobile_log_d.te b/basic/debug/plat_private/mobile_log_d.te
deleted file mode 100644
index e8d4697..0000000
--- a/basic/debug/plat_private/mobile_log_d.te
+++ /dev/null
@@ -1,105 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-type mobile_log_d_exec, system_file_type, exec_type, file_type;
-typeattribute mobile_log_d coredomain;
-typeattribute mobile_log_d mlstrustedsubject;
-
-init_daemon_domain(mobile_log_d)
-
-#syslog module
-allow mobile_log_d kernel:system syslog_mod;
-
-#GMO project
-dontaudit mobile_log_d untrusted_app:fd use;
-dontaudit mobile_log_d isolated_app:fd use;
-
-#debug property set
-set_prop(mobile_log_d, debug_prop)
-
-#socket connect and write
-unix_socket_connect(mobile_log_d, logdr, logd);
-
-#capability
-allow mobile_log_d self:capability { setuid setgid chown fowner fsetid };
-allow mobile_log_d self:capability2 syslog;
-
-#aee mode switch
-allow mobile_log_d system_file:file x_file_perms;
-
-#shell command
-allow mobile_log_d shell_exec:file rx_file_perms;
-
-# execute logcat command
-allow mobile_log_d logcat_exec:file rx_file_perms;
-
-# execute 'logcat -L' via dumpstate
-domain_auto_trans(mobile_log_d, logcat_exec, dumpstate)
-
-#general storage access
-allow mobile_log_d storage_file:dir create_dir_perms;
-allow mobile_log_d storage_file:file create_file_perms;
-allow mobile_log_d storage_file:lnk_file create_file_perms;
-allow mobile_log_d mnt_user_file:dir create_dir_perms;
-allow mobile_log_d mnt_user_file:lnk_file create_file_perms;
-allow mobile_log_d sdcard_type:dir create_dir_perms;
-allow mobile_log_d sdcard_type:file create_file_perms;
-
-#factory mode vfat access
-allow mobile_log_d vfat:dir create_dir_perms;
-allow mobile_log_d vfat:file create_file_perms;
-
-#chiptest mode storage access
-allow mobile_log_d mnt_media_rw_file:dir create_dir_perms;
-allow mobile_log_d mnt_media_rw_file:lnk_file create_file_perms;
-
-#system/bin/toybox for using 'sh' command
-allow mobile_log_d toolbox_exec:file rx_file_perms;
-
-#selinux_version access
-allow mobile_log_d rootfs:file r_file_perms;
-
-#dev/__properties__ access
-get_prop(mobile_log_d, device_logging_prop)
-get_prop(mobile_log_d, mmc_prop)
-get_prop(mobile_log_d, safemode_prop)
-
-# purpose: allow MobileLog to access storage in N version
-allow mobile_log_d media_rw_data_file:file create_file_perms;
-allow mobile_log_d media_rw_data_file:dir create_dir_perms;
-
-# access debugfs/tracing/instances/
-allow mobile_log_d debugfs_tracing:dir create_dir_perms;
-allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms;
-allow mobile_log_d debugfs_tracing_instances:file create_file_perms;
-
-#data/debuglog
-allow mobile_log_d debuglog_data_file:dir {relabelto create_dir_perms};
-allow mobile_log_d debuglog_data_file:file create_file_perms;
-
-#mcupm
-allow mobile_log_d mcupm_device:chr_file r_file_perms;
-allow mobile_log_d sysfs_mcupm:file w_file_perms;
-allow mobile_log_d sysfs_mcupm:dir search;
-
-#for logpost feature
-userdebug_or_eng(`
- allow mobile_log_d domain:dir r_dir_perms;
- allow mobile_log_d domain:{file lnk_file} r_file_perms;
- allow mobile_log_d dnsproxyd_socket:sock_file w_file_perms;
- allow mobile_log_d self:udp_socket create_socket_perms_no_ioctl;
- allow mobile_log_d netd:unix_stream_socket connectto;
- allow mobile_log_d self:tcp_socket getopt;
- allow mobile_log_d fwmarkd_socket:sock_file w_file_perms;
- set_prop(mobile_log_d, system_mtk_mobile_log_post_prop)
-')
-
-#mobile itself property
-set_prop(mobile_log_d, system_mtk_mobile_log_prop)
-
-#wifi driver log property
-get_prop(mobile_log_d, system_mtk_wifisa_log_prop)
-
-# purpose: allow mobile_log_d to read persist.vendor.mtk.aee
-get_prop(mobile_log_d, system_mtk_persist_mtk_aee_prop)
diff --git a/basic/debug/plat_private/modemdbfilter_client.te b/basic/debug/plat_private/modemdbfilter_client.te
deleted file mode 100644
index 64b9e16..0000000
--- a/basic/debug/plat_private/modemdbfilter_client.te
+++ /dev/null
@@ -1,20 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/modemdbfilter_client Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type modemdbfilter_client_exec, exec_type, system_file_type, file_type;
-typeattribute modemdbfilter_client coredomain;
-
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-init_daemon_domain(modemdbfilter_client)
-
-# Purpose : for create hidl client
-hal_client_domain(modemdbfilter_client, hal_mtk_md_dbfilter)
-allow modemdbfilter_client mddb_filter_data_file:dir { create_dir_perms relabelto };
-allow modemdbfilter_client mddb_filter_data_file:file create_file_perms;
diff --git a/basic/debug/plat_private/netdiag.te b/basic/debug/plat_private/netdiag.te
deleted file mode 100644
index 9d54ea5..0000000
--- a/basic/debug/plat_private/netdiag.te
+++ /dev/null
@@ -1,102 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-type netdiag_exec, system_file_type, exec_type, file_type;
-typeattribute netdiag coredomain;
-typeattribute netdiag mlstrustedsubject;
-
-init_daemon_domain(netdiag)
-
-# Purpose : for access storage file
-allow netdiag sdcard_type:dir create_dir_perms;
-allow netdiag sdcard_type:file create_file_perms;
-allow netdiag domain:dir search;
-allow netdiag domain:file r_file_perms;
-allow netdiag net_data_file:file r_file_perms;
-allow netdiag net_data_file:dir search;
-allow netdiag storage_file:dir search;
-allow netdiag storage_file:lnk_file r_file_perms;
-allow netdiag mnt_user_file:dir search;
-allow netdiag mnt_user_file:lnk_file r_file_perms;
-allow netdiag platform_app:dir search;
-allow netdiag untrusted_app:dir search;
-allow netdiag mnt_media_rw_file:dir search;
-allow netdiag vfat:dir create_dir_perms;
-allow netdiag vfat:file create_file_perms;
-allow netdiag tmpfs:lnk_file r_file_perms;
-allow netdiag system_file:file rx_file_perms;
-
-# Purpose : for shell, set uid and gid
-allow netdiag self:capability { net_admin setuid net_raw setgid};
-allow netdiag shell_exec:file rx_file_perms;
-
-#access /proc/318/net/psched
-allow netdiag proc_net:file r_file_perms;
-
-# Purpose : for ping
-allow netdiag dnsproxyd_socket:sock_file w_file_perms;
-allow netdiag fwmarkd_socket:sock_file w_file_perms;
-allow netdiag netd:unix_stream_socket connectto;
-allow netdiag self:udp_socket create_socket_perms;
-
-# Purpose : for service permission
-allow netdiag connectivity_service:service_manager find;
-allow netdiag netstats_service:service_manager find;
-allow netdiag system_server:binder call;
-allow netdiag servicemanager:binder call;
-binder_use(netdiag)
-
-# Purpose : for dumpsys permission
-allow netdiag connmetrics_service:service_manager find;
-allow netdiag netpolicy_service:service_manager find;
-allow netdiag network_management_service:service_manager find;
-allow netdiag settings_service:service_manager find;
-
-# Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop
-get_prop(netdiag, device_logging_prop)
-get_prop(netdiag, mmc_prop)
-allow netdiag proc_net:dir r_dir_perms;
-get_prop(netdiag, safemode_prop)
-allow netdiag toolbox_exec:file rx_file_perms;
-
-# purpose: allow netdiag to access storage in new version
-allow netdiag media_rw_data_file:file create_file_perms;
-allow netdiag media_rw_data_file:dir create_dir_perms;
-
-# Purpose : for ip spec output
-allow netdiag self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
-
-# Purpose: for socket error of tcpdump
-allow netdiag self:packet_socket create_socket_perms;
-allowxperm netdiag self:packet_socket ioctl {SIOCGIFINDEX SIOCGSTAMP};
-allow netdiag proc_net_tcp_udp:file r_file_perms;
-
-# Purpose: for ip
-allow netdiag self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read };
-
-# Purpose: for iptables
-allow netdiag kernel:system module_request;
-allow netdiag self:rawip_socket create_socket_perms_no_ioctl;
-
-#Purpose : for network log property
-set_prop(netdiag, system_mtk_debug_netlog_prop)
-set_prop(netdiag, system_mtk_persist_mtklog_prop)
-set_prop(netdiag, system_mtk_debug_mtklog_prop)
-
-## Android P migration
-allow netdiag proc_qtaguid_stat:dir r_dir_perms;
-allow netdiag proc_qtaguid_stat:file r_file_perms;
-allow netdiag netd:binder call;
-get_prop(netdiag, apexd_prop)
-
-# Q save log into /data/debuglogger
-allow netdiag debuglog_data_file:dir {relabelto create_dir_perms};
-allow netdiag debuglog_data_file:file create_file_perms;
-
-# add for dump network_stack
-allow netdiag network_stack:binder call;
-allow netdiag network_stack_service:service_manager find;
-
-# add for unlink file_tree.txt
-allow netdiag debuglog_data_file:lnk_file { getattr unlink };
diff --git a/basic/debug/plat_private/network_stack.te b/basic/debug/plat_private/network_stack.te
deleted file mode 100644
index 2c7822c..0000000
--- a/basic/debug/plat_private/network_stack.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# add for netdiag dump network_stack
-allow network_stack netdiag:fd use;
-allow network_stack netdiag:fifo_file w_file_perms;
\ No newline at end of file
diff --git a/basic/debug/plat_private/platform_app.te b/basic/debug/plat_private/platform_app.te
deleted file mode 100644
index 9214d75..0000000
--- a/basic/debug/plat_private/platform_app.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-allow platform_app system_app_service:service_manager find;
-
-# Date : WK17.29
-# Stage: O Migration, SQC
-# Purpose: Allow to use selinux for hal_power
-hal_client_domain(platform_app, hal_power)
-
-# Date: 2018/06/08
-# Operation : Migration
-# Purpose : MTKLogger need get netlog/mdlog/mobilelog property for property change
-# Package: com.mediatek.mtklogger
-get_prop(platform_app, system_mtk_debug_mdlogger_prop)
-get_prop(platform_app, system_mtk_debug_mtklog_prop)
-get_prop(platform_app, system_mtk_vendor_bluetooth_prop)
-get_prop(platform_app, system_mtk_mobile_log_prop)
-
-get_prop(platform_app, system_mtk_connsysfw_prop)
-
-# Date: 2019/07/18
-# Operation : Migration
-# Purpose : DebugLoggerUI access data/debuglogger/ folder
-# Package: com.debug.loggerui
-allow platform_app debuglog_data_file:dir create_dir_perms;
-allow platform_app debuglog_data_file:file create_file_perms;
-
-#For tel log settings
-set_prop(platform_app, log_tag_prop)
-
-#For audio log settings
-set_prop(platform_app, system_mtk_audio_prop)
-
-#For display debug log settings
-set_prop(platform_app, system_mtk_sf_debug_prop)
diff --git a/basic/debug/plat_private/property.te b/basic/debug/plat_private/property.te
deleted file mode 100644
index ba0c12a..0000000
--- a/basic/debug/plat_private/property.te
+++ /dev/null
@@ -1,8 +0,0 @@
-system_internal_prop(system_mtk_debug_mtk_aee_prop)
-system_internal_prop(system_mtk_persist_aee_prop)
-system_internal_prop(system_mtk_aee_basic_prop)
-
-typeattribute system_mtk_debug_mtk_aee_prop extended_core_property_type;
-typeattribute system_mtk_persist_aee_prop extended_core_property_type;
-typeattribute system_mtk_aee_basic_prop extended_core_property_type;
-typeattribute system_mtk_persist_mtk_aee_prop extended_core_property_type;
diff --git a/basic/debug/plat_private/property_contexts b/basic/debug/plat_private/property_contexts
deleted file mode 100644
index ea97faa..0000000
--- a/basic/debug/plat_private/property_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-persist.vendor.mtk.aee. u:object_r:system_mtk_persist_mtk_aee_prop:s0
-persist.vendor.aee. u:object_r:system_mtk_persist_aee_prop:s0
-vendor.debug.mtk.aee. u:object_r:system_mtk_debug_mtk_aee_prop:s0
-ro.vendor.aee.basic u:object_r:system_mtk_aee_basic_prop:s0
-init.svc.aee_aedv u:object_r:system_mtk_init_svc_aee_aedv_prop:s0
diff --git a/basic/debug/plat_private/radio.te b/basic/debug/plat_private/radio.te
deleted file mode 100644
index 47e2a6b..0000000
--- a/basic/debug/plat_private/radio.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#Date : 2021/08/01
-# Operation : Allow radio read write data/debuglogger folder
-# Purpose : Add for ATG app
-allow radio debuglog_data_file:dir create_dir_perms;
-allow radio debuglog_data_file:file create_file_perms;
\ No newline at end of file
diff --git a/basic/debug/plat_private/shell.te b/basic/debug/plat_private/shell.te
deleted file mode 100644
index 5ad5b4d..0000000
--- a/basic/debug/plat_private/shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-get_prop(shell, system_mtk_persist_mtk_aee_prop)
-get_prop(shell, system_mtk_persist_aee_prop)
-get_prop(shell, system_mtk_debug_mtk_aee_prop)
diff --git a/basic/debug/plat_private/system_server.te b/basic/debug/plat_private/system_server.te
deleted file mode 100644
index a554fe7..0000000
--- a/basic/debug/plat_private/system_server.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# Date : WK18.33
-# Purpose : type=1400 audit(0.0:1592): avc: denied { read }
-# for comm=4572726F722064756D703A20646174 name=
-# "u:object_r:system_mtk_persist_mtk_aee_prop:s0" dev="tmpfs"
-# ino=10312 scontext=u:r:system_server:s0 tcontext=
-# u:object_r:system_mtk_persist_mtk_aee_prop:s0 tclass=file permissive=0
-get_prop(system_server, system_mtk_persist_mtk_aee_prop)
-
-get_prop(system_server, system_mtk_debug_mtk_aee_prop)
diff --git a/basic/debug/plat_public/aee_core_forwarder.te b/basic/debug/plat_public/aee_core_forwarder.te
deleted file mode 100644
index b8c237e..0000000
--- a/basic/debug/plat_public/aee_core_forwarder.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/aee_core_forwarder Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type aee_core_forwarder, domain;
diff --git a/basic/debug/plat_public/attributes b/basic/debug/plat_public/attributes
deleted file mode 100644
index 9abd6f6..0000000
--- a/basic/debug/plat_public/attributes
+++ /dev/null
@@ -1,13 +0,0 @@
-# ==============================================
-# MTK Attribute declarations
-# ==============================================
-
-# Date: 2018/03/23
-# log hidl
-attribute hal_mtk_log;
-attribute hal_mtk_log_client;
-attribute hal_mtk_log_server;
-
-attribute hal_mtk_aee;
-attribute hal_mtk_aee_client;
-attribute hal_mtk_aee_server;
diff --git a/basic/debug/plat_public/connsyslogger.te b/basic/debug/plat_public/connsyslogger.te
deleted file mode 100644
index f3062c8..0000000
--- a/basic/debug/plat_public/connsyslogger.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/connsyslogger Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type connsyslogger, domain;
diff --git a/basic/debug/plat_public/emdlogger.te b/basic/debug/plat_public/emdlogger.te
deleted file mode 100644
index f116ac0..0000000
--- a/basic/debug/plat_public/emdlogger.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/emdlogger[x] Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type emdlogger, domain;
diff --git a/basic/debug/plat_public/loghidlsysservice.te b/basic/debug/plat_public/loghidlsysservice.te
deleted file mode 100644
index 9f3b33d..0000000
--- a/basic/debug/plat_public/loghidlsysservice.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/loghidlsysservice Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type loghidlsysservice, domain;
diff --git a/basic/debug/plat_public/mdlogger.te b/basic/debug/plat_public/mdlogger.te
deleted file mode 100644
index 4febc5e..0000000
--- a/basic/debug/plat_public/mdlogger.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/mdlogger Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type mdlogger, domain;
diff --git a/basic/debug/plat_public/mobile_log_d.te b/basic/debug/plat_public/mobile_log_d.te
deleted file mode 100644
index 8ad1e2a..0000000
--- a/basic/debug/plat_public/mobile_log_d.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/mobile_log_d Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type mobile_log_d, domain;
diff --git a/basic/debug/plat_public/modemdbfilter_client.te b/basic/debug/plat_public/modemdbfilter_client.te
deleted file mode 100644
index ec9df6e..0000000
--- a/basic/debug/plat_public/modemdbfilter_client.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/modemdbfilter_client Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type modemdbfilter_client, domain;
diff --git a/basic/debug/plat_public/property.te b/basic/debug/plat_public/property.te
deleted file mode 100644
index b89898c..0000000
--- a/basic/debug/plat_public/property.te
+++ /dev/null
@@ -1,2 +0,0 @@
-system_public_prop(system_mtk_init_svc_aee_aedv_prop)
-system_public_prop(system_mtk_persist_mtk_aee_prop)
diff --git a/bsp/debug/non_plat/aee_aedv.te b/bsp/debug/non_plat/aee_aedv.te
deleted file mode 100644
index 5944760..0000000
--- a/bsp/debug/non_plat/aee_aedv.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# Date : WK16.21
-# Operation : direct coredump enhancement
-# Purpose : support abort message dumping
-userdebug_or_eng(`
- allow aee_aedv coredump_file:dir { remove_name };
- allow aee_aedv coredump_file:file { unlink };
-')
diff --git a/bsp/debug/non_plat/domain.te b/bsp/debug/non_plat/domain.te
deleted file mode 100644
index 9a66593..0000000
--- a/bsp/debug/non_plat/domain.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Date : WK17.29
-# Operation : Migration
-# Purpose : for aee dump systemAPI db, get backtrace
-allow domain aee_aedv:process sigchld;
diff --git a/bsp/debug/non_plat/file.te b/bsp/debug/non_plat/file.te
deleted file mode 100644
index f38e08e..0000000
--- a/bsp/debug/non_plat/file.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# Date : WK16.35
-# Operation : untrusted_app support direct-coredump abort message
-# Purpose :
-# avc: denied { write } for name="aee_interim" dev="dm-0" ino=8236
-# scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:coredump_file:s0
-# tclass=dir permissive=0
-userdebug_or_eng(`
- typeattribute coredump_file mlstrustedobject;
-')
diff --git a/bsp/debug/non_plat/logd.te b/bsp/debug/non_plat/logd.te
deleted file mode 100644
index 17fe263..0000000
--- a/bsp/debug/non_plat/logd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# purpose: allow logd to access aee socket
-allow logd crash_dump:unix_stream_socket connectto;
diff --git a/bsp/debug/non_plat/platform_app.te b/bsp/debug/non_plat/platform_app.te
deleted file mode 100644
index 4a8b81a..0000000
--- a/bsp/debug/non_plat/platform_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Date : 2021/05/19
-# Purpose :[CdsInfo] read/ write WI-FI MAC address by NVRAM API
-# Package Name: com.mediatek.connectivity
-hal_client_domain(platform_app, hal_mtk_nvramagent)
-hal_client_domain(platform_app, hal_telephony)
-binder_call(platform_app, rild)
\ No newline at end of file
diff --git a/bsp/debug/non_plat/rild.te b/bsp/debug/non_plat/rild.te
deleted file mode 100644
index b51dde8..0000000
--- a/bsp/debug/non_plat/rild.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Date: 2021/05/25
-# Operation: Engineer mode send AT command
-# Purpose: allow rild callback to CDS_INFO app
-binder_call(rild, platform_app)
\ No newline at end of file
diff --git a/bsp/debug/non_plat/shell.te b/bsp/debug/non_plat/shell.te
deleted file mode 100644
index 4af0fe9..0000000
--- a/bsp/debug/non_plat/shell.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Date : WK17.46
-# Operation : Migration
-# Purpose: Allow shell to read KE DB
-allow shell aee_dumpsys_data_file:file r_file_perms;
diff --git a/bsp/debug/non_plat/surfaceflinger.te b/bsp/debug/non_plat/surfaceflinger.te
deleted file mode 100644
index 92b0add..0000000
--- a/bsp/debug/non_plat/surfaceflinger.te
+++ /dev/null
@@ -1 +0,0 @@
-allow surfaceflinger aee_exp_data_file:file write;
diff --git a/bsp/debug/non_plat/system_app.te b/bsp/debug/non_plat/system_app.te
deleted file mode 100644
index 15cfebb..0000000
--- a/bsp/debug/non_plat/system_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-
-# Date: 2019/09/11
-# Purpose: Allow atmwifimeta apk to use HIDL and access loghidlvendorservice
-hal_client_domain(system_app, hal_mtk_log)
diff --git a/bsp/debug/non_plat/system_server.te b/bsp/debug/non_plat/system_server.te
deleted file mode 100644
index a4038d5..0000000
--- a/bsp/debug/non_plat/system_server.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# Date:2020/09/01
-# Operation:R Migration
-allow system_server proc_aed:dir search;
-
-# Search /proc/iommu/debug
-allow system_server proc_iommu_debug:dir search;
-
-# Search /proc/dmaheap
-allow system_server proc_dmaheap:dir search;
diff --git a/bsp/debug/non_plat/untrusted_app.te b/bsp/debug/non_plat/untrusted_app.te
deleted file mode 100644
index c03c690..0000000
--- a/bsp/debug/non_plat/untrusted_app.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# Date : WK16.35
-# Operation : untrusted_app support direct-coredump abort message
-# Purpose :
-# avc: denied { write } for name="aee_interim" dev="dm-0" ino=8236
-# scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:coredump_file:s0
-# tclass=dir permissive=0
-userdebug_or_eng(`
- allow untrusted_app coredump_file:dir w_dir_perms;
-')
diff --git a/bsp/debug/non_plat/viarild.te b/bsp/debug/non_plat/viarild.te
deleted file mode 100644
index 04d4972..0000000
--- a/bsp/debug/non_plat/viarild.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# For Kryptowire mtklog issue
-allow viarild aee_aedv:unix_stream_socket connectto;
diff --git a/bsp/debug/plat_private/domain.te b/bsp/debug/plat_private/domain.te
deleted file mode 100644
index 1748f84..0000000
--- a/bsp/debug/plat_private/domain.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Date : WK17.29
-# Operation : Migration
-# Purpose : for aee dump systemAPI db, get backtrace
-allow domain crash_dump:process sigchld;
diff --git a/bsp/debug/plat_private/em_app.te b/bsp/debug/plat_private/em_app.te
deleted file mode 100644
index 9b70794..0000000
--- a/bsp/debug/plat_private/em_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-#For debug utils
-get_prop(em_app, system_mtk_persist_mtk_aee_prop)
diff --git a/bsp/debug/plat_private/emdlogger.te b/bsp/debug/plat_private/emdlogger.te
deleted file mode 100644
index fc7c51b..0000000
--- a/bsp/debug/plat_private/emdlogger.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# get & set persist.vendor.radio.port_index proeprty
-set_prop(emdlogger, system_mtk_atci_sys_prop)
-
diff --git a/bsp/debug/plat_private/mobile_log_d.te b/bsp/debug/plat_private/mobile_log_d.te
deleted file mode 100644
index 2a70fab..0000000
--- a/bsp/debug/plat_private/mobile_log_d.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# ==============================================
-# Common SEPolicy Rule
-# ==============================================
-
-# purpose: allow mobile_log_d to read persist.vendor.log.tel_dbg
-get_prop(mobile_log_d, system_mtk_em_tel_log_prop)
-
-# purpose: allow mobile_log_d to read persist.vendor.logmuch
-get_prop(mobile_log_d, system_mtk_logmuch_prop)
diff --git a/bsp/debug/plat_private/platform_app.te b/bsp/debug/plat_private/platform_app.te
deleted file mode 100644
index 3b183df..0000000
--- a/bsp/debug/plat_private/platform_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# Date: 2021/07/16
-# Purpose : DebugLoggerUI support for telephony log settings
-# Package: com.debug.loggerui
-set_prop(platform_app, system_mtk_logmuch_prop)
-set_prop(platform_app, system_mtk_em_tel_log_prop)
\ No newline at end of file
diff --git a/bsp/debug/plat_private/system_server.te b/bsp/debug/plat_private/system_server.te
deleted file mode 100644
index 4d61c64..0000000
--- a/bsp/debug/plat_private/system_server.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Date : 2016/11/11
-# Purpose : Add permission for aee socket access to report Java Layer Exception
-allow system_server crash_dump:unix_stream_socket connectto;
-
-# Date:2020/12/23
-# Operation:R Migration, add permission for AMS read mtk_AEE_prop
-get_prop(system_server, system_mtk_persist_aee_prop)
diff --git a/sepolicy.mk b/sepolicy.mk
index d916271..4158387 100644
--- a/sepolicy.mk
+++ b/sepolicy.mk
@@ -3,19 +3,13 @@
BOARD_SEPOLICY_DIRS += \
$(MTK_SEPOLICY_PATH)/basic/non_plat \
- $(MTK_SEPOLICY_PATH)/basic/debug/non_plat \
$(MTK_SEPOLICY_PATH)/bsp/non_plat \
- $(MTK_SEPOLICY_PATH)/bsp/debug/non_plat \
$(MTK_SEPOLICY_PATH)/modem
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
$(MTK_SEPOLICY_PATH)/basic/plat_private \
- $(MTK_SEPOLICY_PATH)/basic/debug/plat_private \
$(MTK_SEPOLICY_PATH)/bsp/plat_private \
- $(MTK_SEPOLICY_PATH)/bsp/debug/plat_private
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += \
$(MTK_SEPOLICY_PATH)/basic/plat_public \
- $(MTK_SEPOLICY_PATH)/basic/debug/plat_public \
$(MTK_SEPOLICY_PATH)/bsp/plat_public \
- $(MTK_SEPOLICY_PATH)/bsp/debug/plat_public