commit 3e8dbf01ef3a5e2c53a27ab6b068d22c1a8fe02f
author dcashman <dcashman@google.com> Thu Dec 08 11:23:34 2016 -0800
committer dcashman <dcashman@google.com> Thu Dec 08 14:42:43 2016 -0800
tree c1fc339148bcd3039f58010a9eab16310be20ac6
parent f016fc1109ee108c07531651d827a4905c1a9e31

Restore app_domain macro and move to private use.

app_domain was split up in commit: 2e00e6373faa6271d7839d33c5b9e69d998ff020 to
enable compilation by hiding type_transition rules from public policy.  These
rules need to be hidden from public policy because they describe how objects are
labeled, of which non-platform should be unaware.  Instead of cutting apart the
app_domain macro, which non-platform policy may rely on for implementing new app
types, move all app_domain calls to private policy.

(cherry-pick of commit: 76035ea01971156895cf0d8efc1876bfa2025bd6)

Bug: 33428593
Test: bullhead and sailfish both boot. sediff shows no policy change.
Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665

private/bluetooth.te

diff --git a/private/bluetooth.te b/private/bluetooth.te
index e8c0e76..40ce8c1 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -3,7 +3,4 @@
 # Socket creation under /data/misc/bluedroid.
 type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
 
-# app_domain macro fallout
-tmpfs_domain(bluetooth)
-# Map with PROT_EXEC.
-allow bluetooth bluetooth_tmpfs:file execute;
+app_domain(bluetooth)

private/isolated_app.te

diff --git a/private/isolated_app.te b/private/isolated_app.te
index 0a9901a..a277752 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -1,7 +1,4 @@
-# app_domain fallout
-tmpfs_domain(isolated_app)
-# Map with PROT_EXEC.
-allow isolated_app isolated_app_tmpfs:file execute;
+app_domain(isolated_app)
 
 # Read system properties managed by webview_zygote.
 allow isolated_app webview_zygote_tmpfs:file read;

private/nfc.te

diff --git a/private/nfc.te b/private/nfc.te
index 33b5477..52b0d20 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -1,4 +1 @@
-# app_domain_fallout
-tmpfs_domain(nfc)
-# Map with PROT_EXEC.
-allow nfc nfc_tmpfs:file execute;
+app_domain(nfc)
\ No newline at end of file

private/platform_app.te

diff --git a/private/platform_app.te b/private/platform_app.te
index e478039..93cdc75 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -1,4 +1 @@
-# app_domain fallout
-tmpfs_domain(platform_app)
-# Map with PROT_EXEC.
-allow platform_app platform_app_tmpfs:file execute;
+app_domain(platform_app)
\ No newline at end of file

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index 9a535d9..4e7e330 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -1,7 +1,4 @@
-# app_domain fallout
-tmpfs_domain(priv_app)
-# Map with PROT_EXEC.
-allow priv_app priv_app_tmpfs:file execute;
+app_domain(priv_app)
 
 # Allow the allocation and use of ptys
 # Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm

private/radio.te

diff --git a/private/radio.te b/private/radio.te
index 7218b23..dede5d7 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -1,4 +1 @@
-# app_domain fallout
-tmpfs_domain(radio)
-# Map with PROT_EXEC.
-allow radio radio_tmpfs:file execute;
+app_domain(radio)
\ No newline at end of file

private/shared_relro.te

diff --git a/private/shared_relro.te b/private/shared_relro.te
index c3c43ab..b1ba0ff 100644
--- a/private/shared_relro.te
+++ b/private/shared_relro.te
@@ -1,4 +1,3 @@
-# app_domain fallout
-tmpfs_domain(shared_relro)
-# Map with PROT_EXEC.
-allow shared_relro shared_relro_tmpfs:file execute;
+# The shared relro process is a Java program forked from the zygote, so it
+# inherits from app to get basic permissions it needs to run.
+app_domain(shared_relro)

private/shell.te

diff --git a/private/shell.te b/private/shell.te
index 802ffc0..333265f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -4,7 +4,6 @@
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
-# app_domain fallout
-tmpfs_domain(shell)
-# Map with PROT_EXEC.
-allow shell shell_tmpfs:file execute;
+# Run app_process.
+# XXX Transition into its own domain?
+app_domain(shell)

private/su.te

diff --git a/private/su.te b/private/su.te
index 3dda00f..b594ebe 100644
--- a/private/su.te
+++ b/private/su.te
@@ -11,8 +11,5 @@
 # su is also permissive to permit setenforce.
   permissive su;
 
-  # app_domain fallout
-  tmpfs_domain(su)
-  # Map with PROT_EXEC.
-  allow su su_tmpfs:file execute;
+  app_domain(su)
 ')

private/system_app.te

diff --git a/private/system_app.te b/private/system_app.te
index 4319c97..f6b0305 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -1,4 +1 @@
-# app_domain fallout
-tmpfs_domain(system_app)
-# Map with PROT_EXEC.
-allow system_app system_app_tmpfs:file execute;
+app_domain(system_app)

private/untrusted_app.te

diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index c9ed000..b142ebf 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -1,7 +1,4 @@
-# app_domain fallout
-tmpfs_domain(untrusted_app)
-# Map with PROT_EXEC.
-allow untrusted_app untrusted_app_tmpfs:file execute;
+app_domain(untrusted_app)
 
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm