From 18f5453ee1c0e63b6feea00f7d8595898cb8aa27 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 21 May 2013 13:09:38 -0400
Subject: Restore support for labeling non-system apps based on their
 certificate.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I814411cbc8d16eaed99a1389f5487529e36e637b
---
 services/java/com/android/server/pm/SELinuxMMAC.java | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java
index 65f9052..b73d75a 100644
--- a/services/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/java/com/android/server/pm/SELinuxMMAC.java
@@ -483,17 +483,6 @@ public final class SELinuxMMAC {
      * @return boolean Indicates whether the package passed policy.
      */
     public static boolean passInstallPolicyChecks(PackageParser.Package pkg) {
-
-        /*
-         * Non system installed apps should be treated the same. This
-         * means that any post-loaded apk will be assigned the default
-         * tag, if one exists in the policy, else null, without respect
-         * to the signing key.
-         */
-
-        if (((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) ||
-            ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)) {
-
             // We just want one of the signatures to match.
             for (Signature s : pkg.mSignatures) {
                 if (s == null)
@@ -525,7 +514,6 @@ public final class SELinuxMMAC {
                 }
                 return passed;
             }
-        }
 
         // Check for a default policy.
         if (SIG_POLICY.containsKey(null)) {
-- 
cgit v1.1