From 1c5d223b1621d8a3055465af3d4b2eed1b9170a5 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 16 Nov 2018 17:46:56 -0800
Subject: [PATCH] vold: remove access to /proc/net files

The auditallow added in commit
7a4af30b385d0a2a6c6093a6814492c4c18603b3 ("Start the process of locking
down proc/net", May 04 2018) has not been triggered, so this access is
safe to delete.

Test: Policy compiles
Test: no collected SELinux denials
Bug: 68016944
Change-Id: Ib45519b91742d09e7b93bbaf972e558848691a80
---
 public/vold.te | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/public/vold.te b/public/vold.te
index 3848c359d..d26c83614 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -7,12 +7,6 @@ allow vold cache_file:dir r_dir_perms;
 allow vold cache_file:file { getattr read };
 allow vold cache_file:lnk_file r_file_perms;
 
-# Read access to pseudo filesystems.
-r_dir_file(vold, proc_net_type)
-userdebug_or_eng(`
-  auditallow vold proc_net_type:{ dir file lnk_file } { getattr open read };
-')
-
 r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
 # XXX Label sysfs files with a specific type?
 allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
-- 
GitLab