Block access to xt_qtaguid proc files

In the next Android release, there will be devices that have no
xt_qtaguid module at all and framework and netd will decide which code
path it takes for trafficStats depending on the device setup. So all
apps and services should not depend on this device specific
implementation anymore and use public API for the data they need.

Bug: 114475331
Bug: 79938294
Test: QtaguidPermissionTest

Change-Id: I0d37b2df23782eefa2e8977c6cdbf9210db3e0d2
diff --git a/private/priv_app.te b/private/priv_app.te
index 101c448..341101b 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -92,21 +92,6 @@
 userdebug_or_eng(`
   auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
-# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
-# removal.
-allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
-userdebug_or_eng(`
-  auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
-')
-r_dir_file(priv_app, proc_qtaguid_stat)
-userdebug_or_eng(`
-  auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
-  auditallow priv_app proc_qtaguid_stat:file r_file_perms;
-')
-allow priv_app qtaguid_device:chr_file r_file_perms;
-userdebug_or_eng(`
-  auditallow priv_app qtaguid_device:chr_file r_file_perms;
-')
 
 allow priv_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 48a7c45..61c9a81 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -41,12 +41,6 @@
 # This will go away in a future Android release
 allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
 
-# qtaguid access. This is not a public API. Access will be removed in a
-# future version of Android.
-allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
-r_dir_file(untrusted_app_25, proc_qtaguid_stat)
-allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
-
 # Text relocation support for API < 23
 # https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
 allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index 22a9343..79c7762 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -26,9 +26,3 @@
 untrusted_app_domain(untrusted_app_27)
 net_domain(untrusted_app_27)
 bluetooth_domain(untrusted_app_27)
-
-# qtaguid access. This is not a public API. Access will be removed in a
-# future version of Android.
-allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
-r_dir_file(untrusted_app_27, proc_qtaguid_stat)
-allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;
diff --git a/public/shell.te b/public/shell.te
index 1b199a3..7a0eb46 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -129,7 +129,6 @@
   proc_meminfo
   proc_modules
   proc_pid_max
-  proc_qtaguid_stat
   proc_slabinfo
   proc_stat
   proc_timer