Revert "sdm660-common: sepolicy: Address many sys_admin and kill denials"

This reverts commit d05ecaa812.

sepolicy/private/adbroot.te

@@ -1 +0,0 @@
-allow adbroot self:capability sys_admin;

sepolicy/private/boringssl_self_test.te

@@ -1 +0,0 @@
-allow boringssl_self_test self:capability sys_admin;

sepolicy/private/fsverity_init.te

@@ -1 +0,0 @@
-allow fsverity_init self:capability sys_admin;

sepolicy/private/linkerconfig.te

@@ -1 +0,0 @@
-allow linkerconfig self:capability sys_admin;

sepolicy/private/migrate_legacy_obb_data.te

@@ -1 +0,0 @@
-allow migrate_legacy_obb_data self:capability sys_admin;

sepolicy/private/vendor_boringssl_self_test.te

@@ -1 +0,0 @@
-allow vendor_boringssl_self_test self:capability sys_admin;

sepolicy/vendor/adbd.te

@@ -1 +0,0 @@
-allow adbd self:capability sys_admin;

sepolicy/vendor/fsck.te

@@ -1 +0,0 @@
-allow fsck self:capability sys_admin;

sepolicy/vendor/hal_power_default.te

@@ -9,7 +9,6 @@ allow hal_power_default { sysfs_devfreq sysfs_kgsl }:{ file lnk_file } rw_file_p
 allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
 allow hal_power_default sysfs_touchpanel:dir search;
 allow hal_power_default sysfs_touchpanel:file rw_file_perms;
-allow hal_power_default self:capability { kill sys_admin };
 
 r_dir_file(hal_power_default, sysfs_graphics)
 set_prop(hal_power_default, vendor_power_prop)

sepolicy/vendor/hal_wifi_supplicant_default.te

@@ -1 +0,0 @@
-allow hal_wifi_supplicant_default self:capability sys_admin;

sepolicy/vendor/hvdcp.te

@@ -1,2 +1 @@
 allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;
-allow hvdcp self:capability sys_admin;

sepolicy/vendor/irsc_util.te

@@ -1 +0,0 @@
-allow irsc_util self:capability sys_admin;

sepolicy/vendor/netmgrd.te

@@ -1,3 +1 @@
-allow netmgrd self:capability sys_admin;
-
 set_prop(netmgrd, vendor_radio_prop)

sepolicy/vendor/qti_init_shell.te

@@ -2,7 +2,6 @@ allow qti_init_shell ctl_start_prop:property_service set;
 allow qti_init_shell ctl_stop_prop:property_service set;
 allow qti_init_shell self:perf_event cpu;
 allow qti_init_shell sysfs:file { setattr write };
-allow qti_init_shell self:capability kill;
 
 dontaudit qti_init_shell system_prop:property_service set;
 dontaudit qti_init_shell self:capability { dac_override dac_read_search };

sepolicy/vendor/rfs_access.te

@@ -1 +0,0 @@
-allow rfs_access self:capability sys_admin;

sepolicy/vendor/rmt_storage.te

@@ -1 +0,0 @@
-allow rmt_storage self:capability sys_admin;

sepolicy/vendor/thermal-engine.te

@@ -1,7 +1,7 @@
 allow thermal-engine thermal_data_file:dir rw_dir_perms;
 allow thermal-engine thermal_data_file:file create_file_perms;
 allow thermal-engine sysfs:dir r_dir_perms;
-allow thermal-engine self:capability { chown fowner sys_admin };
+allow thermal-engine self:capability { chown fowner };
 
 set_prop(thermal-engine, thermal_engine_prop);
 r_dir_file(thermal-engine, sysfs_thermal)

sepolicy/vendor/toolbox.te

@@ -1 +0,0 @@
-allow toolbox self:capability { kill sys_admin };

sepolicy/vendor/ueventd.te

@@ -1,2 +1 @@
 allow ueventd metadata_file:dir search;
-allow ueventd self:capability { kill sys_admin };

sepolicy/vendor/usbd.te

@@ -1 +0,0 @@
-allow usbd self:capability sys_admin;

sepolicy/vendor/vdc.te

@@ -1 +0,0 @@
-allow vdc self:capability sys_admin;

sepolicy/vendor/vendor_dpmd.te

@@ -1 +0,0 @@
-allow vendor_dpmd self:capability sys_admin;

sepolicy/vendor/vendor_modprobe.te

@@ -1 +0,0 @@
-allow vendor_modprobe self:capability sys_admin;

sepolicy/vendor/vendor_msm_irqbalanced.te

@@ -1 +0,0 @@
-allow vendor_msm_irqbalanced self:capability sys_admin;

sepolicy/vendor/vendor_pd_mapper.te

@@ -1 +0,0 @@
-allow vendor_pd_mapper self:capability sys_admin;

sepolicy/vendor/vold_prepare_subdirs.te

@@ -1 +0,0 @@
-allow vold_prepare_subdirs self:capability sys_admin;