Merge "Allow VS to read vendor cfg for assignable devices" into main
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index f3fb33c..a7a2436 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -419,6 +419,14 @@
 	return builtCtxFile
 }
 
+func (m *selinuxContextsModule) shouldCheckCoredomain(ctx android.ModuleContext) bool {
+	if !ctx.SocSpecific() && !ctx.DeviceSpecific() {
+		return false
+	}
+
+	return ctx.DeviceConfig().CheckVendorSeappViolations()
+}
+
 func (m *selinuxContextsModule) buildSeappContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
 	neverallowFile := pathForModuleOut(ctx, "neverallow")
 	ret := pathForModuleOut(ctx, m.stem())
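Review bot: The new `shouldCheckCoredomain` method has no doc comment, although it now decides when check_seapp is run with `-c`. A line at the definition such as `// shouldCheckCoredomain reports whether coredomain assignments must be rejected: only for vendor/odm modules, and only when the device config enables vendor seapp violation checks.` would record that policy. The method itself is fully inside the hunk; the trailing context lines belong to buildSeappContexts, which continues outside it.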
@@ -440,10 +448,8 @@
 		Inputs(inputs).
 		Input(neverallowFile)
 
-	shippingApiLevel := ctx.DeviceConfig().ShippingApiLevel()
-	ApiLevelU := android.ApiLevelOrPanic(ctx, "UpsideDownCake")
-	if (ctx.SocSpecific() || ctx.DeviceSpecific()) && shippingApiLevel.GreaterThan(ApiLevelU) {
-		checkCmd.Flag("-c") // check coredomain for V (or later) launching devices
+	if m.shouldCheckCoredomain(ctx) {
+		checkCmd.Flag("-c") // check coredomain for vendor contexts
 	}
 
 	rule.Build("seapp_contexts", "Building seapp_contexts: "+m.Name())
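Review bot: The `-c` flag at `if m.shouldCheckCoredomain(ctx)` now depends only on `CheckVendorSeappViolations()`, whose definition and default are not visible in this diff. If that setting is not enabled for devices that previously met the `GreaterThan(ApiLevelU)` condition, vendor seapp_contexts that assign coredomain would stop failing the build, so it is worth confirming the default keeps that coverage. The trailing comment could also read `// check coredomain for vendor and odm contexts`, since DeviceSpecific modules take the same path. buildSeappContexts starts and ends outside this hunk.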
diff --git a/private/artd.te b/private/artd.te
index 5fcd43a..3b234bf 100644
--- a/private/artd.te
+++ b/private/artd.te
@@ -7,7 +7,8 @@
 # Allow artd to publish a binder service and make binder calls.
 binder_use(artd)
 add_service(artd, artd_service)
-allow artd dumpstate:fifo_file  { getattr write };
+allow artd dumpstate:fifo_file { getattr write };
+allow artd dumpstate:fd use;
 
 init_daemon_domain(artd)
 
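Review bot: The new `allow artd dumpstate:fd use;` rule sits under a comment that only describes publishing a binder service, so the reason artd needs dumpstate's file descriptors is not recorded. A short comment above the two dumpstate rules, for example `# Allow artd to write its dump output to the pipe and fd passed in by dumpstate.`, would make the grant easier to audit. That purpose is inferred from the adjacent fifo_file rule and from the dumpstate.te change in this commit, so it should be confirmed by the author.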
diff --git a/private/binderservicedomain.te b/private/binderservicedomain.te
index fa9dd7d..21349df 100644
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te
@@ -1,4 +1,5 @@
-# Rules common to all binder service domains
+# Rules common to some specific binder service domains.
+# Deprecated. Consider granting the exact permissions required by your service.
 
 # Allow dumpstate and incidentd to collect information from binder services
 allow binderservicedomain { dumpstate incidentd }:fd use;
diff --git a/public/attributes b/public/attributes
index 0fdbf13..fdac127 100644
--- a/public/attributes
+++ b/public/attributes
@@ -221,7 +221,8 @@
 # All domains used for apps with bluetooth access.
 attribute bluetoothdomain;
 
-# All domains used for binder service domains.
+# Specific domains that expose a binder service.
+# Deprecated, consider granting the exact permissions required by your service.
 attribute binderservicedomain;
 
 # All domains which have BPF access.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 4877f14..3748605 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -146,7 +146,7 @@
 
 # Allow dumpstate to make binder calls to any binder service
 binder_call(dumpstate, binderservicedomain)
-binder_call(dumpstate, { appdomain netd wificond })
+binder_call(dumpstate, { appdomain artd netd wificond })
 
 # Allow dumpstate to call dump() on specific hals.
 dump_hal(hal_audio)
diff --git a/public/te_macros b/public/te_macros
index c4ebc63..d2f4406 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -440,8 +440,7 @@
 
 #####################################
 # binder_service(domain)
-# Mark a domain as being a Binder service domain.
-# Used to allow binder IPC to the various system services.
+# Deprecated. Consider granting the exact permissions required by your service.
 define(`binder_service', `
 typeattribute $1 binderservicedomain;
 ')
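Review bot: The header for `binder_service` now says only that the macro is deprecated and no longer says what it does, namely attach `binderservicedomain` to the given domain. Keeping the one-line description next to the notice, i.e. `# Mark a domain as being a Binder service domain.` followed by `# Deprecated. Consider granting the exact permissions required by your service.`, lets a policy author see which shared rules they inherit by still calling it.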
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 41a713d..b80d0e6 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -1312,10 +1312,23 @@
 		}
 	}
 
+	bool coredomain_violation = false;
 	list_for_each(&coredomain_violation_list, cursor) {
 		c = list_entry(cursor, typeof(*c), listify);
 		fprintf(stderr, "Forbidden attribute " COREDOMAIN " assigned to domain \"%s\" in "
-                        "File \"%s\" on line %d\n", c->domain, c->filename, c->lineno);
+		        "File \"%s\" on line %d\n", c->domain, c->filename, c->lineno);
+		coredomain_violation = true;
+	}
+
+	if (coredomain_violation) {
+		fprintf(stderr, "********************************************************************************\n");
+		fprintf(stderr, "You tried to assign coredomain with vendor seapp_contexts, which is not allowed.\n"
+		        "Either move offending entries to system, system_ext, or product seapp_contexts,\n"
+		        "or remove 'coredomain' attribute from the domains.\n"
+		        "See an example of how to fix this:\n"
+		        "https://android-review.googlesource.com/2671075\n");
+		fprintf(stderr, "********************************************************************************\n");
+		found_issues = true;
 	}
 
 	if (found_issues) {
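Review bot: The banner text says `vendor seapp_contexts`, but the Soong change in this commit passes `-c` for both SocSpecific and DeviceSpecific modules, so someone editing an odm seapp_contexts file would be pointed at the wrong partition. Consider wording the first line as `"You tried to assign coredomain with vendor or odm seapp_contexts, which is not allowed.\n"`. The enclosing function begins and ends outside this hunk, so the declaration of `found_issues` and the exit path are not visible here.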