shell: move shell qtaguid perms to shell.te am: 9d28625fc4

am: 7a99df8997

Change-Id: I577f211e913fd5ad2150a54d6931a810ec58cb43

public/app.te

@@ -174,6 +174,7 @@ userdebug_or_eng(`
   allow appdomain heapdump_data_file:file append;
 ')
 
+r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
 # Write to /proc/net/xt_qtaguid/ctrl file.
 allow {
     untrusted_app_25
@@ -182,9 +183,7 @@ allow {
     priv_app
     system_app
     platform_app
-    shell
 } proc_qtaguid_ctrl:file rw_file_perms;
-r_dir_file({ appdomain -ephemeral_app -isolated_app }, proc_net)
 # read /proc/net/xt_qtguid/*stat* to per-app network data usage.
 # Exclude isolated app which may not use network sockets.
 r_dir_file({
@@ -194,7 +193,6 @@ r_dir_file({
     priv_app
     system_app
     platform_app
-    shell
 }, proc_qtaguid_stat)
 # Everybody can read the xt_qtaguid resource tracking misc dev.
 # So allow all apps to read from /dev/xt_qtaguid.
@@ -205,7 +203,6 @@ allow {
     priv_app
     system_app
     platform_app
-    shell
 } qtaguid_device:chr_file r_file_perms;
 
 # Grant GPU access to all processes started by Zygote.

public/shell.te

@@ -121,6 +121,7 @@ allow shell {
   proc_meminfo
   proc_modules
   proc_pid_max
+  proc_qtaguid_stat
   proc_stat
   proc_timer
   proc_uptime