From 7ae939e84bff452beb0ba10c64983fb6f63e7712 Mon Sep 17 00:00:00 2001
From: Luis Hector Chavez <lhchavez@google.com>
Date: Mon, 8 Jan 2018 12:59:29 -0800
Subject: [PATCH] Revert "Allow callers of uevent_kernel_*() access to
 /proc/sys/kernel/overflowuid"

This reverts commit 640e595a68713d6d09eab4c436780498c46cdbcb. The
corresponding code in libcutils was removed, so the access granted by
that commit is no longer needed.

Bug: 71632076
Test: aosp_sailfish still works

Change-Id: I615bab83e9a83bc14439b8ab90c00d3156b0a7c4
---
 private/compat/26.0/26.0.cil | 1 -
 private/genfs_contexts       | 1 -
 public/file.te               | 1 -
 public/hal_usb.te            | 1 -
 public/healthd.te            | 1 -
 public/init.te               | 1 -
 public/netd.te               | 3 ---
 public/ueventd.te            | 3 ---
 public/vold.te               | 1 -
 9 files changed, 13 deletions(-)

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 51eab2305..3b8b0fd1d 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -463,7 +463,6 @@
     proc_loadavg
     proc_max_map_count
     proc_mounts
-    proc_overflowuid
     proc_page_cluster
     proc_pagetypeinfo
     proc_panic
diff --git a/private/genfs_contexts b/private/genfs_contexts
index c07cd4c3b..29bd0c46e 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -38,7 +38,6 @@ genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
-genfscon proc /sys/kernel/overflowuid u:object_r:proc_overflowuid:s0
 genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
 genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
diff --git a/public/file.te b/public/file.te
index cdaaf221c..c536a8a5a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -33,7 +33,6 @@ type proc_misc, fs_type;
 type proc_modules, fs_type;
 type proc_mounts, fs_type;
 type proc_net, fs_type;
-type proc_overflowuid, fs_type;
 type proc_page_cluster, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_panic, fs_type;
diff --git a/public/hal_usb.te b/public/hal_usb.te
index e2e3449b8..9cfd5165d 100644
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -15,5 +15,4 @@ allow hal_usb sysfs:file read;
 allow hal_usb sysfs:file open;
 allow hal_usb sysfs:file write;
 allow hal_usb sysfs:file getattr;
-allow hal_usb proc_overflowuid:file r_file_perms;
 
diff --git a/public/healthd.te b/public/healthd.te
index 64c1723cc..be8c724cc 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -52,7 +52,6 @@ allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd self:process execmem;
 allow healthd proc_sysrq:file rw_file_perms;
-allow healthd proc_overflowuid:file r_file_perms;
 
 add_service(healthd, batteryproperties_service)
 
diff --git a/public/init.te b/public/init.te
index ad3ef4998..ddbe32347 100644
--- a/public/init.te
+++ b/public/init.te
@@ -274,7 +274,6 @@ allow init {
   proc_diskstats
   proc_kmsg # Open /proc/kmsg for logd service.
   proc_meminfo
-  proc_overflowuid
   proc_stat # Read /proc/stat for bootchart.
   proc_uptime
   proc_version
diff --git a/public/netd.te b/public/netd.te
index 225ada9f5..d5d90a7df 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -45,9 +45,6 @@ r_dir_file(netd, proc_net)
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file rw_file_perms;
 
-# Access for /proc/sys/kernel/overflowuid.
-allow netd proc_overflowuid:file r_file_perms;
-
 # Enables PppController and interface enumeration (among others)
 allow netd sysfs:dir r_dir_perms;
 r_dir_file(netd, sysfs_net)
diff --git a/public/ueventd.te b/public/ueventd.te
index b4a249702..c41adb35d 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -36,9 +36,6 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
 
-# Access for /proc/sys/kernel/overflowuid.
-allow ueventd proc_overflowuid:file r_file_perms;
-
 #####
 ##### neverallow rules
 #####
diff --git a/public/vold.te b/public/vold.te
index 9dbf8dd90..303307b8e 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -24,7 +24,6 @@ allow vold {
   proc_filesystems
   proc_meminfo
   proc_mounts
-  proc_overflowuid
 }:file r_file_perms;
 
 #Get file contexts
-- 
GitLab