Remove apex_key_file
We no longer have /system/etc/security/apex/*, as the public keys are all
bundled in the APEXes. Remove the SELinux label and policies for it.
Bug: 936942
Test: device is bootable
Change-Id: I6b6144a8d15910d1ba8584a0778244ed398dc615
diff --git a/private/apexd.te b/private/apexd.te
index 54af86a..6066fd6 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -2,10 +2,6 @@
init_daemon_domain(apexd)
-# Read /system/etc/security/apex_debug_key
-allow apexd apex_key_file:dir { search getattr };
-allow apexd apex_key_file:file r_file_perms;
-
# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
allow apexd apex_data_file:dir create_dir_perms;
allow apexd apex_data_file:file create_file_perms;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 13da8ec..d47c771 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -12,7 +12,6 @@
apex_data_file
apex_metadata_file
apex_mnt_dir
- apex_key_file
apex_service
apexd
apexd_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 074a75f..b39dd4b 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -11,7 +11,6 @@
apex_data_file
apex_metadata_file
apex_mnt_dir
- apex_key_file
apex_service
apexd
apexd_exec
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 6267922..5fa2631 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -10,7 +10,6 @@
apex_data_file
apex_metadata_file
apex_mnt_dir
- apex_key_file
apex_service
apexd
apexd_exec
diff --git a/private/file_contexts b/private/file_contexts
index 3e8cf19..ad374d9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -302,7 +302,6 @@
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
-/system/etc/security/apex(/.*)? u:object_r:apex_key_file:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
@@ -393,7 +392,6 @@
/(product|system/product)(/.*)? u:object_r:system_file:s0
/(product|system/product)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
-/(product|system/product)/etc/security/apex(/.*)? u:object_r:apex_key_file:s0
/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
diff --git a/public/file.te b/public/file.te
index ccf6d85..58acfca 100644
--- a/public/file.te
+++ b/public/file.te
@@ -154,8 +154,6 @@
type system_linker_config_file, system_file_type, file_type;
# Default type for linker config /system/etc/seccomp_policy/*.
type system_seccomp_policy_file, system_file_type, file_type;
-# Default type for APEX keys in /system/etc/security/apex/*
-type apex_key_file, system_file_type, file_type;
# Default type for cacerts in /system/etc/security/cacerts/*.
type system_security_cacerts_file, system_file_type, file_type;
# Default type for /system/bin/tcpdump.