Clean up hikey selinux policy

Remove lots of: allow xyz kernel:system module_request; as these
are almost always spurious.

Remove any labeling of directories as shell_data_file.

Remove access to default labels and properties.

Remove empty gatord domain.

Remove rules already granted in core policy.
diff --git a/sepolicy/debuggerd.te b/sepolicy/debuggerd.te
deleted file mode 100644
index 308d1b1..0000000
--- a/sepolicy/debuggerd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow debuggerd kernel:system module_request;
diff --git a/sepolicy/dex2oat.te b/sepolicy/dex2oat.te
deleted file mode 100644
index c6e8e73..0000000
--- a/sepolicy/dex2oat.te
+++ /dev/null
@@ -1 +0,0 @@
-allow dex2oat kernel:system module_request;
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
deleted file mode 100644
index b98b158..0000000
--- a/sepolicy/drmserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow drmserver kernel:system module_request;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ca1bf57..e97b068 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,9 +1,6 @@
-/data/linaro-android-kernel-test(/.*)?	u:object_r:shell_data_file:s0
-/data/linaro-android-userspace-test(/.*)?	u:object_r:shell_data_file:s0
-/data/nativebenchmark(/.*)?	u:object_r:shell_data_file:s0
-/dev/ttyAMA0   u:object_r:console_device:s0
-/dev/ttyAMA3   u:object_r:console_device:s0
+/dev/ttyAMA0           u:object_r:console_device:s0
+/dev/ttyAMA3           u:object_r:console_device:s0
 /dev/mali              u:object_r:gpu_device:s0
 /dev/dri/card0         u:object_r:gpu_device:s0
 /dev/hci_tty           u:object_r:hci_attach_dev:s0
-/system/bin/uim           u:object_r:hci_attach_exec:s0
+/system/bin/uim        u:object_r:hci_attach_exec:s0
diff --git a/sepolicy/gatord.te b/sepolicy/gatord.te
deleted file mode 100644
index 2943a9b..0000000
--- a/sepolicy/gatord.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type gatord, domain, mlstrustedsubject;
-
-permissive gatord;
diff --git a/sepolicy/init.te b/sepolicy/init.te
deleted file mode 100644
index a8cca76..0000000
--- a/sepolicy/init.te
+++ /dev/null
@@ -1,7 +0,0 @@
-userdebug_or_eng(`
-    allow init su:process { transition dyntransition rlimitinh siginh };
-')
-allow init self:capability { sys_module };
-allow init self:tcp_socket create;
-allow init gatord:process { transition rlimitinh siginh };
-allow init kernel:system module_request;
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
deleted file mode 100644
index 9be9fd4..0000000
--- a/sepolicy/kernel.te
+++ /dev/null
@@ -1 +0,0 @@
-allow kernel shell_data_file:file { read write };
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
deleted file mode 100644
index a99d8bd..0000000
--- a/sepolicy/logd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow logd property_socket:sock_file write;
-allow logd init:unix_stream_socket connectto;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
deleted file mode 100644
index 72acfbb..0000000
--- a/sepolicy/mediaserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaserver debug_prop:property_service set;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
deleted file mode 100644
index 42717f5..0000000
--- a/sepolicy/netd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow netd usermodehelper:file r_file_perms;
-allow netd debug_prop:property_service set;
-allow netd kernel:system module_request;
-allow netd gatord:fd use;
-allow netd gatord:tcp_socket rw_socket_perms;
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
deleted file mode 100644
index f62b97a..0000000
--- a/sepolicy/shell.te
+++ /dev/null
@@ -1,16 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
-
-# allow to use ndc command to enable dns work
-allow shell netd_socket:sock_file write;
-
-# hack for running netcfg eth0 dhcp/ifconfig/ping on console session
-allow shell self:packet_socket create_socket_perms;
-allow shell system_prop:property_service set;
-
-# hack for running start adbd/stop adbd on console session
-allow shell ctl_default_prop:property_service set;
-
-# hack for reading the mkshrc file after lava modified
-allow shell unlabeled:file r_file_perms;
-
-allow shell kernel:system module_request;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
deleted file mode 100644
index 1d54ead..0000000
--- a/sepolicy/surfaceflinger.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow surfaceflinger self:process execmem;
-allow surfaceflinger debug_prop:property_service set;
-allow surfaceflinger ashmem_device:chr_file execute;
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
deleted file mode 100644
index 04fc7d3..0000000
--- a/sepolicy/zygote.te
+++ /dev/null
@@ -1 +0,0 @@
-allow zygote kernel:system module_request;