commit 48c02d56b15ace6ecd265bd63f86fe1cbbf8b849
author Tri Vo <trong@google.com> Tue Oct 17 13:54:28 2017 -0700
committer Tri Vo <trong@google.com> Fri Oct 20 12:42:20 2017 -0700
tree 6367164994d1f332e347531aaa4762fdfab5cc75
parent fc574abf11c2fada2cd89671df2d03cfb91b7993

Move device-agnostic netd rules to fwk policy.

These were moved from vendor to fwk policy:
1. sysfs_net type declaration
2. labeling of /sys/devices/virtual/net with sysfs_net
3. netd access to sysfs_net

Bug: 65643247
Test: can browse internet without netd denials
Test: netd_unit_test, netd_integration_test without netd denials

Merged-In: I9e6ec7ab24039bc74a7e47f423222334fed8bf3a
Change-Id: I9e6ec7ab24039bc74a7e47f423222334fed8bf3a
(cherry picked from commit 661dbb6d30798c1acfdbbaff10fba1d489b0f8ef)

sepolicy/vendor/file.te

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index fc569b5..2e9a984 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -8,7 +8,6 @@
 type sysfs_mdss_mdp_caps, sysfs_type, fs_type;
 type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_msm_subsys_restart, sysfs_type, fs_type;
-type sysfs_net, sysfs_type, fs_type;
 type sysfs_rmtfs, sysfs_type, fs_type;
 type sysfs_soc, sysfs_type, fs_type;
 type sysfs_scsi_devices_0000, sysfs_type, fs_type;

sepolicy/vendor/genfs_contexts

diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 602c270..eac549f 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -46,7 +46,6 @@
 genfscon sysfs /module/diagchar/parameters/timestamp_switch             u:object_r:sysfs_timestamp_switch:s0
 genfscon sysfs /devices/virtual/graphics/fb0                            u:object_r:sysfs_graphics:s0
 genfscon sysfs /devices/virtual/graphics/fb1                            u:object_r:sysfs_graphics:s0
-genfscon sysfs /devices/virtual/net                                     u:object_r:sysfs_net:s0
 genfscon sysfs /devices/soc/8c0000.qcom,msm-cam                         u:object_r:sysfs_camera:s0
 genfscon sysfs /devices/soc0                                            u:object_r:sysfs_soc:s0
 genfscon sysfs /devices/soc/caa0000.qcom,jpeg                           u:object_r:sysfs_camera:s0

sepolicy/vendor/netd.te

diff --git a/sepolicy/vendor/netd.te b/sepolicy/vendor/netd.te
index b26f975..01c5cc3 100644
--- a/sepolicy/vendor/netd.te
+++ b/sepolicy/vendor/netd.te
@@ -1,4 +1,2 @@
-allow netd sysfs_net:file w_file_perms;
-
 dontaudit netd kernel:system module_request;
 dontaudit netd self:capability sys_module;