Remove deprecated tagSocket() permissions

tagSocket() now results in netd performing these actions on behalf
of the calling process.

Remove direct access to:
/dev/xt_qtaguid
/proc/net/xt_qtaguid/ctrl

Bug: 68774956
Test: -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
    -m CtsNativeNetTestCases
Test: stream youtube, browse chrome
Test: go/manual-ab-ota
Change-Id: I6a044f304c3ec4e7c6043aebeb1ae63c9c5a0beb

2 files changed, 0 insertions, 9 deletions

diff --git a/public/mediaserver.te b/public/mediaserver.te
index f0c94edc..b20835a2 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -60,10 +60,6 @@ r_dir_file(mediaserver, media_rw_data_file)
 # Grant access to read files on appfuse.
 allow mediaserver app_fuse_file:file { read getattr };
 
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
-allow mediaserver qtaguid_proc:file rw_file_perms;
-allow mediaserver qtaguid_device:chr_file r_file_perms;
-
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)
diff --git a/public/update_engine.te b/public/update_engine.te
index 6e97aa91..00f70bc4 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -4,11 +4,6 @@ type update_engine_exec, exec_type, file_type;
 
 net_domain(update_engine);
 
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid to tag network
-# sockets.
-allow update_engine qtaguid_proc:file rw_file_perms;
-allow update_engine qtaguid_device:chr_file r_file_perms;
-
 # Following permissions are needed for update_engine.
 allow update_engine self:process { setsched };
 allow update_engine self:global_capability_class_set { fowner sys_admin };