commit 7f4a2ab9fecb1d1a0bfd83f2dfb97fd2e64e5c3e
author Hungming Chen <nuccachen@google.com> Fri Jan 14 18:04:02 2022 +0800
committer Hungming Chen <nuccachen@google.com> Sun Jan 16 14:28:57 2022 +0800
tree 380ae6f333d23bfac1e951fed641fe1193c3756f
parent d6a5b604cef4acea5943c058153e30d65197c55a

clatd: remove spurious privs

Since the clatd has some code cleanup, these privs are not required
anymore.

Bug: 212345928
Test: manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
   $ ping 8.8.8.8

Change-Id: Ib801a190f9c14ee488bc77a43ac59c78c44773ab

private/clatd.te

diff --git a/private/clatd.te b/private/clatd.te
index da6820c..57eee78 100644
--- a/private/clatd.te
+++ b/private/clatd.te
@@ -4,18 +4,10 @@
 
 net_domain(clatd)
 
-r_dir_file(clatd, proc_net_type)
-userdebug_or_eng(`
-  auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
-')
-
 # Access objects inherited from netd.
 allow clatd netd:fd use;
-allow clatd netd:fifo_file { read write };
 allow clatd netd:packet_socket { read write };
 allow clatd netd:rawip_socket { read write };
 
-allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
-
 allow clatd self:netlink_route_socket nlmsg_write;
 allow clatd tun_device:chr_file rw_file_perms;