Revert "Restrict SDK sandbox unix_stream_socket connections"

This reverts commit d226ac41e2.

Reason for revert: DroidMonitor identified candidate

Change-Id: Id961f81208fa18e76ae59855de9edc7b91a4201b

private/app.te

@@ -407,13 +407,7 @@ allow appdomain hal_graphics_composer:fd use;
 # hence no sock_file or connectto permission. This appears to be how
 # Chrome works, may need to be updated as more apps using isolated services
 # are examined.
-allow {
-  appdomain
-  -sdk_sandbox_all
-} {
-  appdomain
-  -sdk_sandbox_all
-}:unix_stream_socket { getopt getattr read write shutdown };
+allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdown };
 
 # Backup ability for every app. BMS opens and passes the fd
 # to any app that has backup ability. Hence, no open permissions here.

private/sdk_sandbox_all.te

@@ -124,24 +124,3 @@ neverallow sdk_sandbox_all sdk_sandbox_system_data_file:dir ~{ getattr search };
 # Only dirs should be created at sdk_sandbox_all_system_data_file level
 neverallow { domain -init } sdk_sandbox_system_data_file:file *;
 
-# Restrict unix stream sockets for IPC.
-neverallow sdk_sandbox_all {
-    domain
-    -sdk_sandbox_all
-    -surfaceflinger
-    -netd
-    -logd
-    -adbd
-    userdebug_or_eng(`-su')
-    # needed for profiling
-    -traced
-    -traced_perf
-    -heapprofd
-    # fallback crash handling for processes that can't exec crash_dump.
-    -tombstoned
-    -dumpstate
-    # needed to connect to PRNG seeder daemon.
-    -prng_seeder
-    # needed by the SDK sandbox
-    -system_server
-}:unix_stream_socket { create_stream_socket_perms connectto };