deprecate domain_deprecated

Move device specific policy to a local device_domain_deprecated attribute
to focus effort on core policy.

Bug: 28760354
Change-Id: Id08cc74a3a2c7b8ff242b3c6f26bd514e6855a48

sepolicy/attributes

@@ -0,0 +1,4 @@
+# domain_deprecated attribute is being removed from core policy. Leave it
+# in device-specific policy for device-specific domains. Unlike core policy,
+# device-specific policy will eventually be deprecated.
+attribute device_domain_deprecated;

sepolicy/bluetooth_loader.te

@@ -1,5 +1,5 @@
 # Bluetooth executables and script (bdAddrLoader, init.flo.bt.sh)
-type bluetooth_loader, domain, domain_deprecated;
+type bluetooth_loader, domain, device_domain_deprecated;
 type bluetooth_loader_exec, exec_type, file_type;
 
 # Start bdAddrLoader from init

sepolicy/bridge.te

@@ -1,5 +1,5 @@
 # Bridge Manager (radio process)
-type bridge, domain, domain_deprecated;
+type bridge, domain, device_domain_deprecated;
 type bridge_exec, exec_type, file_type;
 
 # Started by init

sepolicy/camera.te

@@ -1,5 +1,5 @@
 # Qualcomm MSM camera
-type camera, domain, domain_deprecated;
+type camera, domain, device_domain_deprecated;
 type camera_exec, exec_type, file_type;
 
 # Started by init

sepolicy/conn_init.te

@@ -1,5 +1,5 @@
 # wifi connection service
-type conn_init, domain, domain_deprecated;
+type conn_init, domain, device_domain_deprecated;
 type conn_init_exec, exec_type, file_type;
 
 init_daemon_domain(conn_init)

sepolicy/device_domain_deprecated.te

@@ -0,0 +1,36 @@
+allow device_domain_deprecated adbd:unix_stream_socket connectto;
+allow device_domain_deprecated adbd:fd use;
+allow device_domain_deprecated adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+allow device_domain_deprecated rootfs:dir r_dir_perms;
+allow device_domain_deprecated rootfs:file r_file_perms;
+allow device_domain_deprecated rootfs:lnk_file r_file_perms;
+allow device_domain_deprecated device:file read;
+allow device_domain_deprecated system_file:dir r_dir_perms;
+allow device_domain_deprecated system_file:file r_file_perms;
+allow device_domain_deprecated system_file:lnk_file r_file_perms;
+allow device_domain_deprecated system_data_file:file { getattr read };
+allow device_domain_deprecated system_data_file:lnk_file r_file_perms;
+allow device_domain_deprecated apk_data_file:dir { getattr search };
+allow device_domain_deprecated apk_data_file:file r_file_perms;
+allow device_domain_deprecated apk_data_file:lnk_file r_file_perms;
+allow device_domain_deprecated dalvikcache_data_file:dir { search getattr };
+allow device_domain_deprecated dalvikcache_data_file:file r_file_perms;
+allow device_domain_deprecated cache_file:dir r_dir_perms;
+allow device_domain_deprecated cache_file:file { getattr read };
+allow device_domain_deprecated cache_file:lnk_file r_file_perms;
+allow device_domain_deprecated ion_device:chr_file rw_file_perms;
+allow device_domain_deprecated proc:dir r_dir_perms;
+allow device_domain_deprecated proc:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated sysfs:dir r_dir_perms;
+allow device_domain_deprecated sysfs:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated inotify:dir r_dir_perms;
+allow device_domain_deprecated inotify:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated cgroup:dir r_dir_perms;
+allow device_domain_deprecated cgroup:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated proc_meminfo:file r_file_perms;
+allow device_domain_deprecated proc_net:dir r_dir_perms;
+allow device_domain_deprecated proc_net:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated selinuxfs:dir r_dir_perms;
+allow device_domain_deprecated selinuxfs:file r_file_perms;
+allow device_domain_deprecated asec_public_file:file r_file_perms;
+allow device_domain_deprecated { asec_public_file asec_apk_file }:dir r_dir_perms;

sepolicy/irsc_util.te

@@ -1,5 +1,5 @@
 # irsc_util (used to configure IPC Router with security rules for QMI services)
-type irsc_util, domain, domain_deprecated;
+type irsc_util, domain, device_domain_deprecated;
 type irsc_util_exec, exec_type, file_type;
 
 init_daemon_domain(irsc_util)

sepolicy/kickstart.te

@@ -1,5 +1,5 @@
 # kickstart processes and scripts (system process)
-type kickstart, domain, domain_deprecated;
+type kickstart, domain, device_domain_deprecated;
 type kickstart_exec, file_type, exec_type;
 
 init_daemon_domain(kickstart)

sepolicy/mpdecision.te

@@ -1,5 +1,5 @@
 # CPU governor (root process)
-type mpdecision, domain, domain_deprecated;
+type mpdecision, domain, device_domain_deprecated;
 type mpdecision_exec, exec_type, file_type;
 
 # DAC overrides

sepolicy/netmgrd.te

@@ -1,5 +1,5 @@
 # Network utilities (radio process)
-type netmgrd, domain, domain_deprecated;
+type netmgrd, domain, device_domain_deprecated;
 type netmgrd_exec, exec_type, file_type;
 
 # Started by init

sepolicy/qmux.te

@@ -1,5 +1,5 @@
 # Qualcomm Management Interface Multiplexer
-type qmux, domain, domain_deprecated;
+type qmux, domain, device_domain_deprecated;
 type qmux_exec, exec_type, file_type;
 
 # Started by init

sepolicy/rmt.te

@@ -1,5 +1,5 @@
 # remote storage process (runs as nobody)
-type rmt, domain, domain_deprecated;
+type rmt, domain, device_domain_deprecated;
 type rmt_exec, exec_type, file_type;
 
 # Started by init

sepolicy/sensors.te

@@ -1,5 +1,5 @@
 # Integrated qualcomm sensor process
-type sensors, domain, domain_deprecated;
+type sensors, domain, device_domain_deprecated;
 type sensors_exec, exec_type, file_type;
 
 # Started by init

sepolicy/thermald.te

@@ -1,5 +1,5 @@
 # Temperature sensor daemon (root process)
-type thermald, domain, domain_deprecated;
+type thermald, domain, device_domain_deprecated;
 type thermald_exec, exec_type, file_type;
 
 # Started by init