Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 21eed51185a118dffcbbfaad0e77a3bca52689f5^1..21eed51185a118dffcbbfaad0e77a3bca52689f5 / .
commit21eed51185a118dffcbbfaad0e77a3bca52689f5[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Fri Sep 28 18:35:47 2018 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Sep 28 18:35:47 2018 +0000
tree08c220711f47dc337080e7f8a2247bdeb426cb16
parentda427a33c95fc0d0f3e002f04eb9e10fcc2b6442 [diff]
parent16dbe82eaf2e5c4621b6a43a3d55c94c2443c1f9 [diff]
Merge "Block access to xt_qtaguid proc files"
diff --git a/private/priv_app.te b/private/priv_app.te
index 101c448..341101b 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -92,21 +92,6 @@
 userdebug_or_eng(`
   auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
-# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
-# removal.
-allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
-userdebug_or_eng(`
-  auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
-')
-r_dir_file(priv_app, proc_qtaguid_stat)
-userdebug_or_eng(`
-  auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
-  auditallow priv_app proc_qtaguid_stat:file r_file_perms;
-')
-allow priv_app qtaguid_device:chr_file r_file_perms;
-userdebug_or_eng(`
-  auditallow priv_app qtaguid_device:chr_file r_file_perms;
-')
 
 allow priv_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address

diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 48a7c45..61c9a81 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te

@@ -41,12 +41,6 @@
 # This will go away in a future Android release
 allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
 
-# qtaguid access. This is not a public API. Access will be removed in a
-# future version of Android.
-allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
-r_dir_file(untrusted_app_25, proc_qtaguid_stat)
-allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
-
 # Text relocation support for API < 23
 # https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
 allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;

diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index 22a9343..79c7762 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te

@@ -26,9 +26,3 @@
 untrusted_app_domain(untrusted_app_27)
 net_domain(untrusted_app_27)
 bluetooth_domain(untrusted_app_27)
-
-# qtaguid access. This is not a public API. Access will be removed in a
-# future version of Android.
-allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
-r_dir_file(untrusted_app_27, proc_qtaguid_stat)
-allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;

diff --git a/public/shell.te b/public/shell.te
index 1b199a3..7a0eb46 100644
--- a/public/shell.te
+++ b/public/shell.te

@@ -129,7 +129,6 @@
   proc_meminfo
   proc_modules
   proc_pid_max
-  proc_qtaguid_stat
   proc_slabinfo
   proc_stat
   proc_timer