Remove neverallows for device domain

Wembley should not have additional constraint over what is specified in
AOSP. This CL removes relaxes some of those additional constraints.

Bug: 242344221
Bug: 242344229
Test: Presubmits pass
Change-Id: Ic6a36984fa0ee963774bf8299a3dc866c9020ef4

3 files changed, 0 insertions, 96 deletions

diff --git a/neverallows/non_plat/neverallows.te b/neverallows/non_plat/neverallows.te
index 64524ac..4c71456 100644
--- a/neverallows/non_plat/neverallows.te
+++ b/neverallows/non_plat/neverallows.te
@@ -218,38 +218,6 @@ full_treble_only(`
 #   hal_client_domain(cameraserver, hal_camera)
 #
 full_treble_only(`
-  neverallow ~{
-    apexd
-    cameraserver
-    fastbootd
-    hal_camera
-    hal_camera_default
-    hal_evs_default
-    init
-    mtk_hal_camera
-    otapreopt_chroot
-    recovery
-    shell
-    slideshow
-    system_server
-    vendor_init
-    vold
-    ueventd
-    } device:dir ~{ search getattr };
-
-  neverallow {
-    cameraserver
-    fastbootd
-    hal_camera
-    hal_camera_default
-    hal_evs_default
-    mtk_hal_camera
-    system_server
-    shell
-    slideshow
-    recovery
-    } device:dir ~r_dir_perms;
-
   neverallow init device:dir ~{ create_dir_perms mounton relabelto };
 
   neverallow vendor_init device:dir ~{ create_dir_perms mounton };
diff --git a/neverallows/plat_private/neverallows.te b/neverallows/plat_private/neverallows.te
index 695a6c7..1281248 100644
--- a/neverallows/plat_private/neverallows.te
+++ b/neverallows/plat_private/neverallows.te
@@ -116,44 +116,7 @@ full_treble_only(`
   neverallow system_server system_data_file:lnk_file ~create_file_perms;
 ')
 
-# Do not allow access to the generic device label. This is too broad.
-# Instead, if access to part of device is desired, it should have a
-# more specific label.
-# TODO: Remove hal_camera and so on once there are no violations.
-#
-#   allow hal_camera device:dir r_dir_perms;
-#   hal_client_domain(cameraserver, hal_camera)
-#
 full_treble_only(`
-    neverallow {
-    coredomain
-    -apexd
-    -cameraserver
-    -fastbootd
-    -hal_camera
-    -init
-    -otapreopt_chroot
-    -recovery
-    -shell
-    -slideshow
-    -system_server
-    -vendor_init
-    -vold
-    -ueventd
-    } device:dir ~{ search getattr };
-
-  neverallow init device:dir ~{ create_dir_perms mounton relabelto };
-
-  neverallow {
-    cameraserver
-    fastbootd
-    hal_camera
-    system_server
-    shell
-    slideshow
-    recovery
-    } device:dir ~r_dir_perms;
-
   neverallow vendor_init device:dir ~{ create_dir_perms mounton };
 
   neverallow vold device:dir ~{ search getattr write };
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index 1e1bce7..f130f1e 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -448,33 +448,6 @@ full_treble_only(`
 
   neverallow ueventd device:lnk_file ~{ r_file_perms create unlink };
 
-  neverallow {
-    coredomain
-    -apexd
-    -cameraserver
-    -fastbootd
-    -hal_camera
-    -init
-    -otapreopt_chroot
-    -recovery
-    -shell
-    -slideshow
-    -system_server
-    -vendor_init
-    -vold
-    -ueventd
-    } device:dir ~{ search getattr };
-
-  neverallow {
-    cameraserver
-    fastbootd
-    hal_camera
-    system_server
-    shell
-    slideshow
-    recovery
-    } device:dir ~r_dir_perms;
-
   neverallow init device:dir ~{ create_dir_perms mounton relabelto };
 
   neverallow vendor_init device:dir ~{ create_dir_perms mounton };