Commit 67808214 authored by Jeffrey Vander Stoep's avatar Jeffrey Vander Stoep Committed by Jeff Vander Stoep

Revert "Audit app access to /proc/net/*"

This reverts commit 84f96859.

Fixes: 70874565
Reason for revert: massive logspam during phone calls.

Change-Id: If00e46535f71209eea999e4d5d499bf40a5f16fd
parent df809408
# TODO: deal with tmpfs_domain pub/priv split properly
# Read system properties managed by zygote.
allow appdomain zygote_tmpfs:file read;
......@@ -488,9 +488,7 @@
(typeattributeset proc_meminfo_26_0 (proc_meminfo))
(typeattributeset proc_misc_26_0 (proc_misc))
(typeattributeset proc_modules_26_0 (proc_modules))
(typeattributeset proc_net_26_0
( proc_net
proc_net_xt_qtaguid_stats))
(typeattributeset proc_net_26_0 (proc_net))
(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
(typeattributeset proc_perf_26_0 (proc_perf))
(typeattributeset proc_security_26_0 (proc_security))
......
......@@ -17,7 +17,6 @@ genfscon proc /modules u:object_r:proc_modules:s0
genfscon proc /mounts u:object_r:proc_mounts:s0
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /net/xt_qtaguid/stats u:object_r:proc_net_xt_qtaguid_stats:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
......
......@@ -173,7 +173,6 @@ userdebug_or_eng(`
allow appdomain qtaguid_proc:file rw_file_perms;
# read /proc/net/xt_qtguid/stats
r_dir_file({ appdomain -ephemeral_app}, proc_net)
auditallow appdomain proc_net:file *; # ({ appdomain -ephemeral_app}, proc_net)
# Everybody can read the xt_qtaguid resource tracking misc dev.
# So allow all apps to read from /dev/xt_qtaguid.
allow appdomain qtaguid_device:chr_file r_file_perms;
......
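Review bot: The comment kept above `r_dir_file({ appdomain -ephemeral_app}, proc_net)` understates the grant and misspells the path as `xt_qtguid`. Once the stats file is labelled `proc_net` again, the rule lets every non-ephemeral app read everything under /proc/net, not only xt_qtaguid/stats. With the `auditallow appdomain proc_net:file *;` line apparently dropped here, nothing records which of those files apps actually open. I would correct the comment to `# read /proc/net/*, including /proc/net/xt_qtaguid/stats` and consider bringing the audit back in a narrower form instead of removing it outright. The commit message ties the log volume to phone calls, so excluding the responsible domain may be enough, though which domain that is cannot be told from this page. The block these rules sit in starts outside the hunk.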
......@@ -24,10 +24,6 @@ allow domain self:process {
allow domain self:fd use;
allow domain proc:dir r_dir_perms;
allow domain proc_net:dir search;
# STOPSHIP remove (b/70722355). This is granted temporarily to gather info
# on uses of /proc/net/. /proc/net/xt_qtaguid/stats is broadly used including
# by apps.
allow domain proc_net_xt_qtaguid_stats:file r_file_perms;
r_dir_file(domain, self)
allow domain self:{ fifo_file file } rw_file_perms;
allow domain self:unix_dgram_socket { create_socket_perms sendto };
......
......@@ -33,7 +33,6 @@ type proc_misc, fs_type;
type proc_modules, fs_type;
type proc_mounts, fs_type;
type proc_net, fs_type;
type proc_net_xt_qtaguid_stats, fs_type;
type proc_overflowuid, fs_type;
type proc_page_cluster, fs_type;
type proc_pagetypeinfo, fs_type;
......