authorMarius Vlad <marius.vlad@collabora.com>2023-05-23 15:58:31 +0300
committerMarius Vlad <marius.vlad@collabora.com>2023-05-31 07:36:15 +0000
commit69bd3ddac4b23d827c8e58b96201238f0114497b (patch)
tree68dae6bbce58de0d42bea3afcbf3ce6e6d4a8f41
parent0ed8064b0de235fa21fb961f0a8789e11ad7f1a4 (diff)
policy-deny: Remove SMACK support
Similar to Waltham, SMACK hasn't really been used; it was actually a compile-time option, used as an example in the deny policy. The RBA and the allow-all policies are still available, and we can revisit the policy mechanism if we plan on switching to SELinux. Bug-AGL: SPEC-4806 Signed-off-by: Marius Vlad <marius.vlad@collabora.com> Change-Id: Iedac63585676ebc47201debcf73870cb0538cc09
-rw-r--r--meson.build6
-rw-r--r--src/policy-default.c4
-rw-r--r--src/policy-deny.c81
3 files changed, 0 insertions, 91 deletions
diff --git a/meson.build b/meson.build
index 2079fb1..4d846d2 100644
--- a/meson.build
+++ b/meson.build
@@ -42,7 +42,6 @@ foreach func: optional_libc_funcs
endforeach
dep_libsystemd = dependency('libsystemd', required: false)
-dep_libsmack = dependency('libsmack', required: false)
dep_scanner = dependency('wayland-scanner')
prog_scanner = find_program(dep_scanner.get_pkgconfig_variable('wayland_scanner'))
dep_wp = dependency('wayland-protocols', version: '>= 1.18')
@@ -206,11 +205,6 @@ if deps_remoting.length() == depnames.length()
message('Found remoting depends, enabling remoting')
endif
-if dep_libsmack.found()
- config_h.set('HAVE_SMACK', 1)
- deps_libweston += dep_libsmack
-endif
-
dir_module_agl_compositor = join_paths(join_paths(prefix_path, get_option('libdir')), 'agl-compositor')
libexec_compositor = shared_library(
diff --git a/src/policy-default.c b/src/policy-default.c
index 8d70684..fa22097 100644
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -26,10 +26,6 @@
#include "ivi-compositor.h"
#include "policy.h"
-#ifdef HAVE_SMACK
-#include <sys/smack.h>
-#endif
-
#include <string.h>
/*
diff --git a/src/policy-deny.c b/src/policy-deny.c
index 823f331..f36f21e 100644
--- a/src/policy-deny.c
+++ b/src/policy-deny.c
@@ -26,29 +26,9 @@
#include "ivi-compositor.h"
#include "policy.h"
-#ifdef HAVE_SMACK
-#include <sys/smack.h>
-#endif
-
#include <string.h>
#include "shared/helpers.h"
-#ifdef HAVE_SMACK
-static const char *const bind_agl_shell[] = {
- "User::App::homescreen",
- "User::App::cluster-gauges" /* cluster-dashboard */
-};
-
-static const char *const bind_agl_shell_desktop[] = {
- "User::App::launcher",
- "User::App::alexa-viewer",
- "User::App::tbtnavi",
- "User::App::hvac",
- "User::App::xdg-cluster-receiver", /* cluster-receiver, native XDG app*/
- "User::App::cluster-receiver" /* cluster-receiver, Qt app */
-};
-#endif
-
static const char *const applications_permitted[] = {
"homescreen", "alexa-viewer", "launcher", "hvac",
"navigation", "mediaplayer"
@@ -67,31 +47,6 @@ ivi_policy_verify_permitted_app(const char *app_id)
return false;
}
-#ifdef HAVE_SMACK
-/* helper to determine which applications are allowed to bind to the
- * private extensions
- */
-static bool
-ivi_policy_check_bind_agl_shell(const char *app_id)
-{
- for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell); i++)
- if (strcmp(app_id, bind_agl_shell[i]) == 0)
- return true;
-
- return false;
-}
-
-static bool
-ivi_policy_check_bind_agl_shell_desktop(const char *app_id)
-{
- for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell_desktop); i++)
- if (strcmp(app_id, bind_agl_shell_desktop[i]) == 0)
- return true;
-
- return false;
-}
-#endif
-
static bool
ivi_policy_verify_ivi_surface(struct ivi_surface *surf)
{
@@ -145,47 +100,11 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
return ivi_policy_verify_ivi_surface(surf);
}
-#ifdef HAVE_SMACK
-static bool
-ivi_policy_default_shell_bind_interface(void *client, void *interface)
-{
- struct wl_interface *shell_interface = interface;
- struct wl_client *conn_client = client;
-
- pid_t pid, uid, gid;
- int client_fd;
- char *label;
- bool ret = false;
-
- wl_client_get_credentials(conn_client, &pid, &uid, &gid);
-
- client_fd = wl_client_get_fd(conn_client);
- if (smack_new_label_from_socket(client_fd, &label) < 0) {
- return ret;
- }
-
- if (strcmp(shell_interface->name, "agl_shell") == 0)
- ret = ivi_policy_check_bind_agl_shell(label);
-
- if (strcmp(shell_interface->name, "agl_shell_desktop") == 0)
- ret = ivi_policy_check_bind_agl_shell_desktop(label);
-
- if (ret)
- weston_log("Client with pid %d, uid %d, gid %d, allowed "
- "to bind to %s for label %s\n", pid, uid, gid,
- shell_interface->name, label);
-
- /* client responsible for free'ing */
- free(label);
- return ret;
-}
-#else
static bool
ivi_policy_default_shell_bind_interface(void *client, void *interface)
{
return false;
}
-#endif
static bool
ivi_policy_default_allow_to_add(void *user_data)
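Review bot: With the `HAVE_SMACK` branch gone, `ivi_policy_default_shell_bind_interface` in src/policy-deny.c is left as a bare `return false;` with no comment, so a reader cannot tell whether refusing every bind is the intended policy or a leftover stub. Judging from the removed branch, which returned true only for allow-listed labels, false appears to mean the bind is refused, so this policy now fails closed for both `agl_shell` and `agl_shell_desktop` in every build. I would state that above the function, for example `/* deny policy: no client may bind agl_shell or agl_shell_desktop */`. The removed code identified the peer by a label read from the client socket. If an allow-list for binds is ever added back, it should keep using a credential supplied by the kernel and not a string the client supplies, which is presumably what `app_id` in `applications_permitted` is.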