From 678082147d7cd4f11a46c5c25d8dc8719c735094 Mon Sep 17 00:00:00 2001
From: Jeffrey Vander Stoep <jeffv@google.com>
Date: Fri, 22 Dec 2017 03:44:48 +0000
Subject: [PATCH] Revert "Audit app access to /proc/net/*"

This reverts commit 84f9685972714ac0a897be99ac1b49bd24447f3a.

Fixes: 70874565
Reason for revert: massive logspam during phone calls.

Change-Id: If00e46535f71209eea999e4d5d499bf40a5f16fd
---
 private/app.te               | 1 -
 private/compat/26.0/26.0.cil | 4 +---
 private/genfs_contexts       | 1 -
 public/app.te                | 1 -
 public/domain.te             | 4 ----
 public/file.te               | 1 -
 6 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/private/app.te b/private/app.te
index ef267f232..9c4461cc5 100644
--- a/private/app.te
+++ b/private/app.te
@@ -1,4 +1,3 @@
 # TODO: deal with tmpfs_domain pub/priv split properly
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;
-
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 064756eb2..47c58cabd 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -488,9 +488,7 @@
 (typeattributeset proc_meminfo_26_0 (proc_meminfo))
 (typeattributeset proc_misc_26_0 (proc_misc))
 (typeattributeset proc_modules_26_0 (proc_modules))
-(typeattributeset proc_net_26_0
-  ( proc_net
-    proc_net_xt_qtaguid_stats))
+(typeattributeset proc_net_26_0 (proc_net))
 (typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
 (typeattributeset proc_perf_26_0 (proc_perf))
 (typeattributeset proc_security_26_0 (proc_security))
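Review bot: After this revert nothing in the policy separates /proc/net/xt_qtaguid/stats from the rest of /proc/net: `proc_net_26_0` maps to `(proc_net)` alone here, and the private/genfs_contexts and public/file.te hunks drop the dedicated label. App reads of that file therefore go through `r_dir_file({ appdomain -ephemeral_app}, proc_net)` in the public/app.te hunk, which covers every file labeled proc_net and no longer has an audit rule. The comment above that rule, `# read /proc/net/xt_qtguid/stats`, misspells the path and understates the grant; `# read /proc/net/*, including /proc/net/xt_qtaguid/stats` would describe what is actually allowed. The public/domain.te hunk also removes the only in-tree reference to b/70722355, so a one-line TODO next to the `r_dir_file` rule naming that bug would keep the plan to narrow this access visible.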
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 0b3c10256..e0cafa48b 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -17,7 +17,6 @@ genfscon proc /modules u:object_r:proc_modules:s0
 genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
-genfscon proc /net/xt_qtaguid/stats u:object_r:proc_net_xt_qtaguid_stats:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
diff --git a/public/app.te b/public/app.te
index ca14afced..3b0495580 100644
--- a/public/app.te
+++ b/public/app.te
@@ -173,7 +173,6 @@ userdebug_or_eng(`
 allow appdomain qtaguid_proc:file rw_file_perms;
 # read /proc/net/xt_qtguid/stats
 r_dir_file({ appdomain -ephemeral_app}, proc_net)
-auditallow appdomain proc_net:file *; # ({ appdomain -ephemeral_app}, proc_net)
 # Everybody can read the xt_qtaguid resource tracking misc dev.
 # So allow all apps to read from /dev/xt_qtaguid.
 allow appdomain qtaguid_device:chr_file r_file_perms;
diff --git a/public/domain.te b/public/domain.te
index f76ce6ba9..f9b66880e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -24,10 +24,6 @@ allow domain self:process {
 allow domain self:fd use;
 allow domain proc:dir r_dir_perms;
 allow domain proc_net:dir search;
-# STOPSHIP remove (b/70722355). This is granted temporarily to gather info
-# on uses of /proc/net/. /proc/net/xt_qtaguid/stats is broadly used including
-# by apps.
-allow domain proc_net_xt_qtaguid_stats:file r_file_perms;
 r_dir_file(domain, self)
 allow domain self:{ fifo_file file } rw_file_perms;
 allow domain self:unix_dgram_socket { create_socket_perms sendto };
diff --git a/public/file.te b/public/file.te
index 130673691..be91f4e53 100644
--- a/public/file.te
+++ b/public/file.te
@@ -33,7 +33,6 @@ type proc_misc, fs_type;
 type proc_modules, fs_type;
 type proc_mounts, fs_type;
 type proc_net, fs_type;
-type proc_net_xt_qtaguid_stats, fs_type;
 type proc_overflowuid, fs_type;
 type proc_page_cluster, fs_type;
 type proc_pagetypeinfo, fs_type;
-- 
GitLab