untrusted_app_25: remove access to net.dns properties Bug: 33308258 Test: build Test: atest CtsSelinuxTargetSdk25TestCases Change-Id: I0bd3dc60dd95e9fb621933f45115a42bbcbc2ccc

commit: 28903d98298315722529a6756077cc752edf4714 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Tue Oct 15 21:00:22 2019 +0200
committer: Jeff Vander Stoep <jeffv@google.com> Tue Oct 15 21:17:29 2019 +0200
tree: 1c319a7a842eb5eebfc621c92ffb1fddb8b3feff
parent: f53c57287d049400f706ec632f64f48bb6ab7137 [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index e5c6aee..5572f54 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -37,9 +37,8 @@
 neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
 neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
 
-# net.dns properties are not a public API. Temporarily exempt pre-Oreo apps,
-# but otherwise disallow untrusted apps from reading this property.
-neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
 
 # Shared libraries created by trusted components within an app home
 # directory can be dlopen()ed. To maintain the W^X property, these files
commit	28903d98298315722529a6756077cc752edf4714	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Tue Oct 15 21:00:22 2019 +0200
committer	Jeff Vander Stoep <jeffv@google.com>	Tue Oct 15 21:17:29 2019 +0200
tree	1c319a7a842eb5eebfc621c92ffb1fddb8b3feff
parent	f53c57287d049400f706ec632f64f48bb6ab7137 [diff] [blame]