Move vdc commands over to Binder.
Use nice clean AIDL instead of dirty sockets.
avc: denied { call } for pid=603 comm="vdc" scontext=u:r:vdc:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=0
Test: vdc cryptfs init_user0
Bug: 13758960
Change-Id: I8b0e63adad8c4c7e2b5e6aca48386d1b371ea6a5
diff --git a/public/vdc.te b/public/vdc.te
index 53d7bbe..75a5d1b 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -8,16 +8,20 @@
type vdc, domain;
type vdc_exec, exec_type, file_type;
+# TODO: remove as part of 13758960
unix_socket_connect(vdc, vold, vold)
# vdc sends information back to dumpstate when "adb bugreport" is used
+# TODO: remove as part of 13758960
allow vdc dumpstate:fd use;
allow vdc dumpstate:unix_stream_socket { read write getattr };
# vdc information is written to shell owned bugreport files
+# TODO: remove as part of 13758960
allow vdc shell_data_file:file { write getattr };
# Why?
+# TODO: remove as part of 13758960
allow vdc dumpstate:unix_dgram_socket { read write };
# vdc can be invoked with logwrapper, so let it write to pty
@@ -25,3 +29,8 @@
# vdc writes directly to kmsg during the boot process
allow vdc kmsg_device:chr_file w_file_perms;
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
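Review bot: The comment `# vdc talks to vold over Binder` above the three added rules does not say what each rule grants, and the legacy `unix_socket_connect(vdc, vold, vold)` rule in the first hunk stays in place, so for now vdc has two channels to vold. `binder_use(vdc)` is what addresses the servicemanager `call` denial quoted in the commit message. `binder_call(vdc, vold)` grants more than the call itself: as defined in te_macros it also lets vold transfer references back on the reply and lets vdc use file descriptors received from vold. I would expand the comment to something like `# vdc talks to vold over Binder: binder_use for the servicemanager lookup, binder_call for calls/replies (incl. fds) with vold, find for vold_service`, so the granted surface is explicit when the socket rules are removed under the TODO.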
diff --git a/public/vold.te b/public/vold.te
index b2ffbd3..a74354a 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -198,8 +198,8 @@
neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
neverallow { domain -vold -init } restorecon_prop:property_service set;
-# Only system_server can interact with vold over binder
-neverallow { domain -system_server -vold } vold_service:service_manager find;
+# Only system_server and vdc can interact with vold over binder
+neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
neverallow vold {
domain
-hal_keymaster
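Review bot: Adding `-vdc` to the neverallow on `vold_service:service_manager find` widens the permitted callers to the whole vdc domain. SELinux gates this at service granularity, so every method on vold's Binder interface becomes reachable from vdc, not only the commands the vdc binary issues today. Whether vold checks the caller per method is not visible in this diff; that is worth confirming, along with which domains may transition into vdc. The comment could carry the reasoning, e.g. `# Only system_server and vdc (the vold command-line client) may find vold_service; this gates all vold Binder methods, so keep the list minimal`. The `neverallow vold { … }` block that follows continues outside the hunk.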