Remove ping domain.
ping in Android no longer requires any additional privileges beyond
the caller. Drop the ping domain and executable file type entirely.
Also add net_domain() to shell domain so that it can create and
use network sockets.
Change-Id: If51734abe572aecf8f510f1a55782159222e5a67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/app.te b/app.te
index 02e3f11..7d4acfb 100644
--- a/app.te
+++ b/app.te
@@ -67,7 +67,6 @@
# Execute the shell or other system executables.
allow appdomain shell_exec:file rx_file_perms;
allow appdomain system_file:file rx_file_perms;
-allow appdomain ping_exec:file rx_file_perms;
# Read/write wallpaper file (opened by system).
allow appdomain wallpaper_file:file { read write };
@@ -268,7 +267,7 @@
{ sigkill sigstop signal };
# Transition to a non-app domain.
-# Exception for the shell domain, can transition to runas, ping, etc.
+# Exception for the shell domain, can transition to runas, etc.
neverallow { appdomain -shell -unconfineddomain } ~appdomain:process
{ transition dyntransition };
diff --git a/file_contexts b/file_contexts
index 817c0e0..6c530a6 100644
--- a/file_contexts
+++ b/file_contexts
@@ -142,7 +142,6 @@
/system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0
/system/xbin/su u:object_r:su_exec:s0
/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
-/system/bin/ping u:object_r:ping_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/hostapd u:object_r:hostapd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
diff --git a/ping.te b/ping.te
deleted file mode 100644
index 20ec97a..0000000
--- a/ping.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type ping, domain;
-permissive ping;
-type ping_exec, exec_type, file_type;
-domain_auto_trans(shell, ping_exec, ping)
-domain_auto_trans(dumpstate, ping_exec, ping)
-
-allow ping self:capability net_raw;
-allow ping self:rawip_socket create_socket_perms;
-allow ping self:udp_socket create_socket_perms;
-allow ping node:rawip_socket node_bind;
-allow ping dnsproxyd_socket:sock_file write;
-allow ping netd:unix_stream_socket connectto;
-allow ping devpts:chr_file rw_file_perms;
-allow ping shell:fd use;
-
-allow ping dumpstate:fd use;
-allow ping dumpstate:unix_stream_socket { read write };
diff --git a/shell.te b/shell.te
index 9fd7c6d..18c1dfc 100644
--- a/shell.te
+++ b/shell.te
@@ -2,6 +2,9 @@
type shell, domain, shelldomain, mlstrustedsubject;
type shell_exec, exec_type, file_type;
+# Create and use network sockets.
+net_domain(shell)
+
# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)
diff --git a/shell_user.te b/shell_user.te
index 27a5cd0..ad30802 100644
--- a/shell_user.te
+++ b/shell_user.te
@@ -2,6 +2,9 @@
type shell, domain, shelldomain, mlstrustedsubject;
type shell_exec, exec_type, file_type;
+# Create and use network sockets.
+net_domain(shell)
+
# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)