Drop back-compatibility for hiding ro.debuggable and ro.secure
Bug: 193912100
Test: back-compatibility change for android.security.SELinuxTargetSdkTest
Change-Id: I47f2ddc4fa87bf6c8f872d2679348b2eecddcaad
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 0d6d42c..3956379 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -256,14 +256,10 @@
# Only privileged apps may find the incident service
neverallow all_untrusted_apps incident_service:service_manager find;
-# Do not allow untrusted app to read hidden system proprerties
-# We exclude older application for compatibility and we do not include in the exclusions other normally
-# untrusted applications such as mediaprovider due to the specific logging use cases.
+# Do not allow untrusted app to read hidden system proprerties.
+# We do not include in the exclusions other normally untrusted applications such as mediaprovider
+# due to the specific logging use cases.
# Context: b/193912100
neverallow {
untrusted_app_all
- -untrusted_app_25
- -untrusted_app_27
- -untrusted_app_29
- -untrusted_app_30
} { userdebug_or_eng_prop }:file read;
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 51cb514..4235d7e 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -52,7 +52,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
-
-
-# Allow hidden build props
-get_prop(untrusted_app_25, userdebug_or_eng_prop)
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index 0dde760..c747af1 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -40,6 +40,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
-
-# Allow hidden build props
-get_prop(untrusted_app_27, userdebug_or_eng_prop)
diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te
index 0360184..03f3334 100644
--- a/private/untrusted_app_29.te
+++ b/private/untrusted_app_29.te
@@ -19,5 +19,3 @@
allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop(untrusted_app_29, userdebug_or_eng_prop)
diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te
index 6893aca..569c300 100644
--- a/private/untrusted_app_30.te
+++ b/private/untrusted_app_30.te
@@ -21,5 +21,3 @@
allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop(untrusted_app_30, userdebug_or_eng_prop)