From 661dbb6d30798c1acfdbbaff10fba1d489b0f8ef Mon Sep 17 00:00:00 2001
From: Tri Vo
Date: Tue, 17 Oct 2017 13:54:28 -0700
Subject: [PATCH] Move device-agnostic netd rules to fwk policy.

These were moved from vendor to fwk policy:
1. sysfs_net type declaration
2. labeling of /sys/devices/virtual/net with sysfs_net
3. netd access to sysfs_net

Bug: 65643247
Test: can browse internet without netd denials
Test: netd_unit_test, netd_integration_test without netd denials

Change-Id: I9e6ec7ab24039bc74a7e47f423222334fed8bf3a
---
 sepolicy/vendor/file.te | 1 -
 sepolicy/vendor/genfs_contexts | 1 -
 sepolicy/vendor/netd.te | 2 --
 3 files changed, 4 deletions(-)

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 2e41283c..cbd3c84f 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -8,7 +8,6 @@ type sysfs_laser, sysfs_type, fs_type;
 type sysfs_mdss_mdp_caps, sysfs_type, fs_type;
 type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_msm_subsys_restart, sysfs_type, fs_type;
-type sysfs_net, sysfs_type, fs_type;
 type sysfs_rmtfs, sysfs_type, fs_type;
 type sysfs_soc, sysfs_type, fs_type;
 type sysfs_scsi_devices_0000, sysfs_type, fs_type;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 6acbe849..54b50f8e 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -46,7 +46,6 @@ genfscon sysfs /module/tcp_cubic/parameters u:object
 genfscon sysfs /module/diagchar/parameters/timestamp_switch u:object_r:sysfs_timestamp_switch:s0
 genfscon sysfs /devices/virtual/graphics/fb0 u:object_r:sysfs_graphics:s0
 genfscon sysfs /devices/virtual/graphics/fb1 u:object_r:sysfs_graphics:s0
-genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
 genfscon sysfs /devices/virtual/misc/mnh_sm u:object_r:sysfs_easel:s0
 genfscon sysfs /devices/soc/8c0000.qcom,msm-cam u:object_r:sysfs_camera:s0
 genfscon sysfs /devices/soc0 u:object_r:sysfs_soc:s0
diff --git a/sepolicy/vendor/netd.te b/sepolicy/vendor/netd.te
index b26f9751..01c5cc3c 100644
--- a/sepolicy/vendor/netd.te
+++ b/sepolicy/vendor/netd.te
@@ -1,4 +1,2 @@
-allow netd sysfs_net:file w_file_perms;
-
 dontaudit netd kernel:system module_request;
 dontaudit netd self:capability sys_module;