Remove deprecated tagSocket() permissions

tagSocket() now results in netd performing these actions on behalf
of the calling process.

Remove direct access to:
/dev/xt_qtaguid
/proc/net/xt_qtaguid/ctrl

Bug: 68774956
Test: -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
    -m CtsNativeNetTestCases
Test: stream youtube, browse chrome
Test: go/manual-ab-ota
Change-Id: I6a044f304c3ec4e7c6043aebeb1ae63c9c5a0beb

private/system_server.te

@@ -122,10 +122,6 @@ allow system_server hal_audio_server:file w_file_perms;
 # for dumping stack traces of native processes.
 r_dir_file(system_server, domain)
 
-# Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
-allow system_server qtaguid_proc:file rw_file_perms;
-allow system_server qtaguid_device:chr_file rw_file_perms;
-
 # Write /proc/uid_cputime/remove_uid_range.
 allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
 

public/mediaserver.te

@@ -60,10 +60,6 @@ r_dir_file(mediaserver, media_rw_data_file)
 # Grant access to read files on appfuse.
 allow mediaserver app_fuse_file:file { read getattr };
 
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
-allow mediaserver qtaguid_proc:file rw_file_perms;
-allow mediaserver qtaguid_device:chr_file r_file_perms;
-
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)

public/update_engine.te

@@ -4,11 +4,6 @@ type update_engine_exec, exec_type, file_type;
 
 net_domain(update_engine);
 
-# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid to tag network
-# sockets.
-allow update_engine qtaguid_proc:file rw_file_perms;
-allow update_engine qtaguid_device:chr_file r_file_perms;
-
 # Following permissions are needed for update_engine.
 allow update_engine self:process { setsched };
 allow update_engine self:global_capability_class_set { fowner sys_admin };