From 1eb94035cd6f1671ea74141f57b430f64eaf42e0 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 24 Feb 2014 09:08:57 -0500
Subject: [PATCH] Remove redundant socket rules.

These same permissions are already allowed via net_domain() and
the rules in net.te.

Change-Id: I4681fb9993258b4ad668333ad7d7102e983b5c2b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 untrusted_app.te | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/untrusted_app.te b/untrusted_app.te
index 16499c1b0..85cf79e51 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -46,13 +46,6 @@ allow untrusted_app asec_apk_file:file r_file_perms;
 # Execute libs in asec containers.
 allow untrusted_app asec_public_file:file execute;
 
-# Create tcp/udp sockets
-allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind;
-allow untrusted_app self:{ tcp_socket udp_socket } { create_socket_perms accept listen };
-# Bind to a particular hostname/address/interface (e.g., localhost) instead of
-# ANY. Normally, apps should not be listening on all interfaces.
-allow untrusted_app port:{ tcp_socket udp_socket } name_bind;
-
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 create_pty(untrusted_app)
-- 
GitLab