Revert "Update netlink_audit_socket for nlmsg xperm"

Revert submission 3316655

Reason for revert: emulator does not boot

[    6.468328] selinux: SELinux:  Could not stat /data/dalvik-cache/arm: No such file or directory.
[    6.468892] ------------[ cut here ]------------
[    6.469241] selinux: SELinux:  Could not stat /data/dalvik-cache/arm64: No such file or directory.
[    6.469648] kernel BUG at security/selinux/ss/services.c:961!
[    6.470549] selinux: SELinux:  Could not stat /data/dalvik-cache/riscv64: No such file or directory.
[    6.471166] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[    6.471928] selinux: SELinux:  Could not stat /data/dalvik-cache/x86: No such file or directory.
[    6.472389] CPU: 1 PID: 403 Comm: dhcpclient Tainted: G           OE      6.6.56-android15-8-gb713239b1f7f-ab12714926 #1 1400000003000000474e5500b8d4777a75d64646
[    6.473207] selinux: SELinux:  Could not stat /data/dalvik-cache/x86_64: No such file or directory.
[    6.474476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org 04/01/2014
[    6.474478] RIP: 0010:services_compute_xperms_decision+0x19f/0x1b0
[    6.474483] Code: 8b 4e 08 8b 49 18 09 48 14 48 8b 07 48 8b 4e 08 8b 49 1c 09 48 18 48 8b 07 48 8b 4e 08 8b 49 20 09 48 1c 5d c3 cc cc cc cc cc <0f> 0b 0f 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 b8 00 00 00 00
[    6.474485] RSP: 0018:ffffaa1601553bf8 EFLAGS: 00010202
[    6.474486] RAX: ffff8b5401052578 RBX: ffffaa1601553ca8 RCX: 0000000000000003
[    6.475300] init: Service 'ranchu-net' (pid 392) exited with status 0 oneshot service took 0.050000 seconds in background
[    6.476348] RDX: 00000000000008a4 RSI: ffff8b540104fba0 RDI: ffffaa1601553ca8
[    6.476912] init: Sending signal 9 to service 'ranchu-net' (pid 392) process group...
[    6.478581] RBP: ffffaa1601553bf8 R08: 00000000000008a4 R09: 000000000000001f
[    6.478582] R10: 00000000c7f20000 R11: ffff8b540c82a000 R12: ffff8b5402eae680
[    6.478583] R13: ffff8b5402eae680 R14: 00000000000008a3 R15: ffff8b540104fba0
[    6.478585] FS:  00007acc4a076fd8(0000) GS:ffff8b547da80000(0000) knlGS:0000000000000000
[    6.478587] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    6.478588] CR2: 000063c8ffb69960 CR3: 000000000c9ea000 CR4: 00000000000006a0
[    6.478590] Call Trace:
[    6.479124] libprocessgroup: Removed cgroup /sys/fs/cgroup/uid_0/pid_392
[    6.479709]  <TASK>
[    6.480943] init: processing action (post-fs-data) from (/system/etc/init/perfetto.rc:76)
[    6.481403]  ? __die_body+0x67/0xb0
[    6.482141] init: Command 'rm /data/misc/perfetto-traces/.guardraildata' action=post-fs-data (/system/etc/init/perfetto.rc:77) took 0ms and failed: unlink() failed: No such file or directory
[    6.482764]  ? die+0xa9/0xd0
[    6.483423] init: processing action (post-fs-data) from (/system/etc/init/profcollectd.rc:9)
[    6.484069]  ? do_trap+0x88/0x160
[    6.485330] init: processing action (post-fs-data) from (/system/etc/init/recovery-persist.rc:1)
[    6.485397]  ? services_compute_xperms_decision+0x19f/0x1b0
[    6.486136] init: starting service 'exec 13 (/system/bin/recovery-persist)'...
[    6.486273]  ? handle_invalid_op+0x69/0x90
[    6.487943] init: ... started service 'exec 13 (/system/bin/recovery-persist)' has pid 405
[    6.488173]  ? services_compute_xperms_decision+0x19f/0x1b0
[    6.489818] init: processing action (post-fs-data) from (/system/etc/init/wifi.rc:18)
[    6.490068]  ? exc_invalid_op+0x36/0x60
[    6.490071]  ? asm_exc_invalid_op+0x1f/0x30
[    6.490073]  ? services_compute_xperms_decision+0x19f/0x1b0
[    6.490075]  security_compute_xperms_decision+0x2b7/0x460
[    6.490077]  avc_has_extended_perms+0x2f6/0x610
[    6.490080]  ioctl_has_perm+0x12a/0x180
[    6.491055] selinux: SELinux: Skipping restorecon on directory(/data/misc/apexdata/com.android.wifi)
[    6.491154]  selinux_file_ioctl+0x1af/0x210
[    6.491957] init: processing action (post-fs-data) from (/system_ext/etc/init/init.system_ext.radio.rc:1)
[    6.492462]  ? alloc_file_pseudo+0xa6/0x110
[    6.500532]  security_file_ioctl+0x4a/0x60
[    6.500917]  __se_sys_ioctl+0x39/0xe0
[    6.501263]  __x64_sys_ioctl+0x1c/0x40
[    6.501612]  x64_sys_call+0x15b1/0x2e10
[    6.501995]  do_syscall_64+0x4a/0xa0
[    6.502335]  ? exc_page_fault+0x65/0xc0
[    6.502680]  entry_SYSCALL_64_after_hwframe+0x78/0xe2
[    6.503128] RIP: 0033:0x7acc47fad527
[    6.503462] Code: 00 00 00 b8 1b 00 00 00 0f 05 48 3d 01 f0 ff ff 72 09 f7 d8 89 c7 e8 e8 f7 ff ff c3 0f 1f 80 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 72 09 f7 d8 89 c7 e8 c8 f7 ff ff c3 0f 1f 80 00
[    6.505170] RSP: 002b:00007fff9386e268 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[    6.505869] RAX: ffffffffffffffda RBX: 00007fff9386e420 RCX: 00007acc47fad527
[    6.506521] RDX: 00007fff9386e390 RSI: 0000000000008933 RDI: 0000000000000003
[    6.507157] RBP: 00007fff9386e340 R08: 000000000000000a R09: 000000000000000b
[    6.507798] R10: 00000000fffff800 R11: 0000000000000206 R12: 0000000000000003
[    6.508460] R13: 00007fff9386e390 R14: 00007fff9386f898 R15: 00007fff9386f899
[    6.509121]  </TASK>
[    6.509331] Modules linked in: virtio_snd(E) virtio_pmem(E) virtio_net(E) virtio_input(E) virtio_media(OE) virtio_gpu(E) virt_wifi(E) vhci_hcd(E) v4l2loopback(OE) usbip_core(E) test_meminit(E) system_heap(E) snd_aloop(E) rtc_test(E) pulse8_cec(E) net_failover(E) nd_virtio(E) mt76x2u(E) mt76x2_common(E) mt76x0u(E) mt76x02_usb(E) mt76x0_common(E) mt76x02_lib(E) mt76_usb(E) mt76(E) mac80211_hwsim(E) mac80211(E) libarc4 hci_vhci(E) gs_usb(E) can_dev goldfish_sync(OE) goldfish_pipe(OE) goldfish_battery(E) goldfish_address_space(OE) failover(E) dummy_hcd(E) dummy_cpufreq(E) cfg80211(E) btusb(E) btbcm btrtl(E) btintel(E) bluetooth zram rfkill zsmalloc vmw_vsock_virtio_transport(E) virtio_pci(E) virtio_pci_modern_dev(E) virtio_console(E) virtio_blk(E) virtio_rng(E) virtio_pci_legacy_dev(E) virtio_dma_buf(E)
[    6.515674] ---[ end trace 0000000000000000 ]---
[    6.515799] init: Service 'exec 13 (/system/bin/recovery-persist)' (pid 405) exited with status 0 oneshot service took 0.028000 seconds in background
[    6.517623] init: Sending signal 9 to service 'exec 13 (/system/bin/recovery-persist)' (pid 405) process group...
[    6.518721] li

Reverted changes: /q/submissionid:3316655

Change-Id: I9b3ad2ae4eb587fd903a3d285c09ec4cd4036246
diff --git a/private/access_vectors b/private/access_vectors
index 6bfe5d9..f91c1a4 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -428,7 +428,6 @@
 	nlmsg_relay
 	nlmsg_readpriv
 	nlmsg_tty_audit
-	nlmsg
 }
 
 class netlink_dnrt_socket
diff --git a/private/auditctl.te b/private/auditctl.te
index b6d191a..f634d3d 100644
--- a/private/auditctl.te
+++ b/private/auditctl.te
@@ -15,10 +15,4 @@
 init_daemon_domain(auditctl)
 
 allow auditctl self:global_capability_class_set audit_control;
-allow auditctl self:netlink_audit_socket create_socket_perms_no_ioctl;
-
-# For kernel < 6.13
-allow auditctl self:netlink_audit_socket nlmsg_write;
-# For kernel >= 6.13
-allow auditctl self:netlink_audit_socket nlmsg;
-allowxperm auditctl self:netlink_audit_socket nlmsg AUDIT_SET;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
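Review bot: The restored `allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };` has no comment saying why the narrower `allowxperm ... nlmsg AUDIT_SET` form is not used, and the same gap exists on the restored rules in private/init.te and private/logd.te. The trace in the commit message reaches the BUG at security/selinux/ss/services.c:961 from an ioctl issued by `dhcpclient` (`ioctl_has_perm` → `avc_has_extended_perms` → `services_compute_xperms_decision`) on a 6.6.56 kernel. That suggests, though this page does not confirm it, that merely loading a policy containing nlmsg xperm rules is enough to crash a kernel that predates them, independent of any audit netlink traffic. A comment such as `# TODO: narrow to nlmsg xperms (AUDIT_SET) only once the rules can be gated on kernel support; loading them unconditionally crashed 6.6 (revert of submission 3316655)` would stop a reland from repeating the failure. Until then these domains keep the coarser `nlmsg_write` / `nlmsg_relay` grants, and per the removed comments kernels >= 6.13 check the `nlmsg` permission instead, so audit netlink access on those kernels should be retested after this revert.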
diff --git a/private/init.te b/private/init.te
index cdcf0b9..15f79e3 100644
--- a/private/init.te
+++ b/private/init.te
@@ -706,14 +706,7 @@
 # Send an SELinux userspace denial to the kernel audit subsystem,
 # so it can be picked up and processed by logd. These denials are
 # generated when an attempt to set a property is denied by policy.
-allow init self:netlink_audit_socket create_socket_perms_no_ioctl;
-
-# For kernel < 6.13
-allow init self:netlink_audit_socket nlmsg_relay;
-# For kernel >= 6.13
-allow init self:netlink_audit_socket nlmsg;
-allowxperm init self:netlink_audit_socket nlmsg AUDIT_USER_AVC;
-
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
 allow init self:global_capability_class_set audit_write;
 
 # Run "ifup lo" to bring up the localhost interface
diff --git a/private/logd.te b/private/logd.te
index 8f97e10..b6e8b27 100644
--- a/private/logd.te
+++ b/private/logd.te
@@ -58,14 +58,7 @@
 
 allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
 allow logd self:global_capability2_class_set syslog;
-allow logd self:netlink_audit_socket create_socket_perms_no_ioctl;
-
-# For kernel < 6.13
-allow logd self:netlink_audit_socket nlmsg_write;
-# For kernel >= 6.13
-allow logd self:netlink_audit_socket nlmsg;
-allowxperm logd self:netlink_audit_socket nlmsg { AUDIT_SET AUDIT_USER_AVC };
-
+allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
 allow logd kernel:system syslog_read;
 allow logd kmsg_device:chr_file { getattr w_file_perms };
 allow logd system_data_file:{ file lnk_file } r_file_perms;