Revert "Allow vold_prepare_subdirs to use apex_service"
Revert submission 2685449-apexdata-dirs
Reason for revert: b/295345486 performance regression.
Reverted changes: /q/submissionid:2685449-apexdata-dirs
Change-Id: Iceb277cd8a291fb008b45310cc03b5df2057f08c
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0dcbe50..ddb2828 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -53,12 +53,6 @@
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
-# vold_prepare_subdirs asks apex_service for the list of APEXes
-# to prepapre apexdata dirs.
-binder_use(vold_prepare_subdirs)
-binder_call(vold_prepare_subdirs, apexd)
-allow vold_prepare_subdirs apex_service:service_manager find;
-
# Migrate legacy labels to apex_system_server_data_file (b/217581286)
allow vold_prepare_subdirs {
apex_appsearch_data_file
diff --git a/public/apexd.te b/public/apexd.te
index 0b8073e..53bc569 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -5,7 +5,7 @@
binder_use(apexd)
add_service(apexd, apex_service)
-neverallow { domain -init -apexd -system_server -update_engine -vold_prepare_subdirs} apex_service:service_manager find;
-neverallow { domain -init -apexd -system_server -servicemanager -update_engine -vold_prepare_subdirs} apexd:binder call;
+neverallow { domain -init -apexd -system_server -update_engine } apex_service:service_manager find;
+neverallow { domain -init -apexd -system_server -servicemanager -update_engine } apexd:binder call;
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;