Temporarily downgrade to policy version number

Temporarily move from policy version 30 to 29 until device kernels
and prebuilts are all upgraded to the accepted upstream version of
the selinux ioctl command whitelisting code.

(cherry picked from commit 89765083)

Bug: 22846070

Change-Id: I31d1e80aaee164cf41a2f01c6ca846a000898ef4

Android.mk

@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
 # SELinux policy version.
 # Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
 # Must be within the compatibility range reported by checkpolicy -V.
-POLICYVERS ?= 30
+POLICYVERS ?= 29
 
 MLS_SENS=1
 MLS_CATS=1024

isolated_app.te

@@ -18,9 +18,6 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Google Breakpad (crash reporter for Chrome) relies on ptrace
 # functionality. Without the ability to ptrace, the crash reporter
 # tool is broken.

untrusted_app.te

@@ -77,9 +77,6 @@ allow untrusted_app radio_service:service_manager find;
 allow untrusted_app surfaceflinger_service:service_manager find;
 allow untrusted_app app_api_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
 # data stored in that directory to process them one by one.