From 8f568afad771b38fb5eb5e92801059f38ac9bc32 Mon Sep 17 00:00:00 2001 From: Chenbo Feng <fengc@google.com> Date: Tue, 6 Feb 2018 18:15:24 +0000 Subject: [PATCH] Revert "Remove app access to qtaguid ctrl/stats file" This reverts commit fad0b04de1f131aa64c6efa1314b3eb69f0bb9e9. Reason for revert: This change crashed facebook App on dogfood build. Bug: 72977484 Change-Id: I4f35b00c11afbd4914f572d3cc0378d740403ed2 --- public/app.te | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/public/app.te b/public/app.te index 1fd818645..3c29946c8 100644 --- a/public/app.te +++ b/public/app.te @@ -169,7 +169,15 @@ userdebug_or_eng(` allow appdomain heapdump_data_file:file append; ') +# Write to /proc/net/xt_qtaguid/ctrl file. +allow appdomain qtaguid_proc:file rw_file_perms; r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net) +# read /proc/net/xt_qtguid/*stat* to per-app network data usage. +# Exclude isolated app which may not use network sockets. +r_dir_file({ appdomain -isolated_app }, proc_qtaguid_stat) +# Everybody can read the xt_qtaguid resource tracking misc dev. +# So allow all apps to read from /dev/xt_qtaguid. +allow { appdomain -isolated_app } qtaguid_device:chr_file r_file_perms; # Grant GPU access to all processes started by Zygote. # They need that to render the standard UI. @@ -542,8 +550,3 @@ neverallow appdomain proc_uid_concurrent_policy_time:file *; # Apps cannot access proc_uid_cpupower neverallow appdomain proc_uid_cpupower:file *; - -# Apps cannot access proc/net/xt_qtaguid/ files anymore since P. -neverallow { appdomain -shell } qtaguid_proc:file rw_file_perms; -neverallow { appdomain -shell } proc_qtaguid_stat:{ file lnk_file } r_file_perms; -neverallow { appdomain -shell } qtaguid_device:chr_file r_file_perms; -- GitLab
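Review bot: The restored rule `allow appdomain qtaguid_proc:file rw_file_perms;` in the first hunk covers every app domain, isolated_app and ephemeral_app included, while the two rules added after it exclude isolated_app on the stated ground that it may not use network sockets. If isolated apps have no need to write the ctrl file, the rule could use the same set, `allow { appdomain -isolated_app } qtaguid_proc:file rw_file_perms;`; otherwise the comment should say why write access is wider than read access. Because the second hunk also removes the three qtaguid neverallow rules, nothing in the policy records that this access is meant to go away again. A marker above the new rules, such as `# TODO(b/72977484): temporary grant; restore the qtaguid neverallow rules once apps no longer open these files.`, would keep that intent visible. The comment `# read /proc/net/xt_qtguid/*stat* to per-app network data usage.` misspells the path (`xt_qtaguid`) and is missing a verb.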