Merge "Add screencap domain." into stage-aosp-master
am: 09d37ab90b -s ours
Change-Id: I9a1585c559e893e95292194c3656f2e5cce9871d
diff --git a/private/adbd.te b/private/adbd.te
index 2008364..52597eb 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -63,9 +63,14 @@
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
-# Use screencap
-domain_auto_trans(adbd, screencap_exec, screencap)
-allow adbd screencap:process signal;
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
# Needed for various screenshots
hal_client_domain(adbd, hal_graphics_allocator)
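Review bot: The re-added `allow adbd gpu_device:chr_file rw_file_perms;` and `allow adbd ion_device:chr_file rw_file_perms;` (together with `binder_call(adbd, surfaceflinger)`) hand the USB-facing adbd domain direct access to the GPU and ION kernel drivers, which is exactly the exposure the deleted screencap domain was isolating, and the only justification in the hunk is the bug number `# b/13188914` plus an open `# XXX` question. That comment should be turned into a statement a reader can act on, e.g. `# screencap runs in the adbd domain (see b/13188914); a dedicated screencap domain was tried and backed out, so adbd needs GPU/ION device access directly`, so the next person does not re-introduce the separate domain without knowing why it was dropped. `r_dir_file(adbd, system_file)` also overlaps with `allow adbd system_file:file rx_file_perms;` a few lines up; only the `dir` part is new, and it is worth saying so rather than leaving the two rules looking redundant. The deleted screencap.te also had `surfaceflinger_service:service_manager find`; if adbd does not already hold that elsewhere in this file (outside the hunk), the binder_call alone will not let it reach surfaceflinger.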
@@ -132,5 +137,5 @@
# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
# transitions to the shell domain (except when it crashes). In particular, we
# never want to see a transition from adbd to su (aka "adb root")
-neverallow adbd { domain -crash_dump -shell -screencap }:process transition;
+neverallow adbd { domain -crash_dump -shell }:process transition;
neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
diff --git a/private/app.te b/private/app.te
index 8cd959f..00ee12a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -411,9 +411,7 @@
# sigchld allowed for parent death notification.
# signull allowed for kill(pid, 0) existence test.
# All others prohibited.
-neverallow { appdomain -shell } { domain -appdomain }:process
- { sigkill sigstop signal };
-neverallow shell { domain -appdomain -screencap }:process
+neverallow appdomain { domain -appdomain }:process
{ sigkill sigstop signal };
# Transition to a non-app domain.
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 8f003aa..b8f8152 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -23,7 +23,3 @@
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
-
-# Use screencap
-domain_auto_trans(dumpstate, screencap_exec, screencap)
-allow dumpstate screencap:process signal;
diff --git a/private/file_contexts b/private/file_contexts
index 4029256..0bdb1f7 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -210,7 +210,6 @@
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
-/system/bin/screencap u:object_r:screencap_exec:s0
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
/system/bin/installd u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
diff --git a/private/screencap.te b/private/screencap.te
deleted file mode 100644
index 579373a..0000000
--- a/private/screencap.te
+++ /dev/null
@@ -1,26 +0,0 @@
-type screencap, domain;
-type screencap_exec, exec_type, file_type;
-
-typeattribute screencap coredomain;
-
-allow screencap gpu_device:chr_file rw_file_perms;
-allow screencap ion_device:chr_file rw_file_perms;
-
-allow screencap adbd:fifo_file write;
-allow screencap adbd:fd use;
-allow screencap adbd:unix_stream_socket { read write };
-
-allow screencap shell_data_file:file write;
-allow screencap shell:fd use;
-allow screencap shell:unix_stream_socket { read write };
-
-allow screencap dumpstate:fd use;
-allow screencap dumpstate:unix_stream_socket { read write };
-
-binder_use(screencap)
-binder_call(screencap, surfaceflinger)
-allow screencap surfaceflinger_service:service_manager find;
-allow screencap surfaceflinger:fd use;
-
-hwbinder_use(screencap)
-hal_client_domain(screencap, hal_graphics_allocator)
diff --git a/private/shell.te b/private/shell.te
index 13a20e2..0886820 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -27,7 +27,3 @@
# Perform SELinux access checks, needed for CTS
selinux_check_access(shell)
selinux_check_context(shell)
-
-# Use screencap
-domain_auto_trans(shell, screencap_exec, screencap)
-allow shell screencap:process signal;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 347a478..3595ee4 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -22,7 +22,6 @@
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
-binder_call(surfaceflinger, screencap)
binder_service(surfaceflinger)
# Binder IPC to bu, presently runs in adbd domain.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 551e1de..85c0241 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -141,6 +141,9 @@
allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
# logd access
read_logd(dumpstate)
control_logd(dumpstate)
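Review bot: Only `gpu_device` is granted here, whereas the same screencap-in-caller arrangement in private/adbd.te grants both `gpu_device` and `ion_device`, and the removed screencap.te needed both. Unless dumpstate already has `ion_device:chr_file` access outside this hunk, screenshot capture during a bugreport will be denied on the ION path; suggest `allow dumpstate ion_device:chr_file rw_file_perms;` alongside the new line, or a comment stating where ION access comes from. It would also help to note why this grant lives in public/dumpstate.te (extendable by vendor policy) while the adbd counterpart sits in private/.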
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 036e1d2..fc2b5f6 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -17,6 +17,7 @@
-hal_wifi_supplicant_server
-rild
} domain:{ tcp_socket udp_socket rawip_socket } *;
+neverallow hal_tetheroffload_server unlabeled:service_manager list; #TODO: b/62658302
###
# HALs are defined as an attribute and so a given domain could hypothetically
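Review bot: The new `neverallow hal_tetheroffload_server unlabeled:service_manager list;` carries only `#TODO: b/62658302` as rationale, so a reader cannot tell whether this is a permanent restriction or a temporary one-off for a single HAL server. A short comment naming the intent, e.g. `# hal_tetheroffload_server must not enumerate service_manager (unlabeled); one-off pending b/62658302`, would make that clear and show whether the rule is expected to widen to other HAL servers. This line is also unrelated to the screencap change the rest of the diff makes, which is worth mentioning in the description so it survives any future revert of the screencap work.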