Revert "Further restrict access to Binder services from vendor"
This reverts commit 5c09d123c4e5a22e48d0edbc63de0aab0a7de834.
Broke the build
Bug: 35870313
Test: source build/envsetup.sh && lunch marlin-userdebug && m -j40
Change-Id: I71c968be6e89462fd286be5663933552d478f8bf
diff --git a/public/domain.te b/public/domain.te
index 77200b3..3f8eb66 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -445,33 +445,16 @@
neverallow {
domain
-coredomain
- -appdomain # restrictions for vendor apps are declared lower down
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } service_manager_type:service_manager find;
- # Vendor apps are permited to use only stable public services. If they were to use arbitrary
- # services which can change any time framework/core is updated, breakage is likely.
- neverallow {
- appdomain
- -coredomain
- } {
- service_manager_type
- -app_api_service
- -ephemeral_app_api_service
- }:service_manager find;
- neverallow {
- domain
- -coredomain
-appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} servicemanager:binder { call transfer };
-')
-##
-# On full TREBLE devices core android components and vendor components may
-# not directly access each other's data types. All communication must occur
-# over HW binder. Open file descriptors may be passed and read/write/stat
-# operations my be performed on those FDs. Disallow all other operations.
-full_treble_only(`
+ ##
+ # On full TREBLE devices core android components and vendor components may
+ # not directly access each other data types. All communication must occur
+ # over HW binder. Open file descriptors may be passed and read/write/stat
+ # operations my be performed on those FDs. Disallow all other operations.
+ #
# do not allow vendor component access to coredomains data types
neverallow {
domain
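Review bot: After this revert, no rule in this hunk asserts anything about `service_manager find`, and the only stated reason is a build break, so the gap should be recorded next to the rule that remains. The surviving `servicemanager:binder { call transfer }` neverallow exempts `-appdomain`, so a vendor app being granted `find` on a service outside `app_api_service`/`ephemeral_app_api_service` would no longer fail the policy build; actual access still depends on allow rules that are not visible here. I would add a comment above the remaining rule, for example `# TODO(b/35870313): re-add the service_manager find neverallows (non-core domains, vendor apps) once the build break is fixed`. The restored comment block also carries two typos worth fixing while it is touched: `each other's data types` and `may be performed`. The `full_treble_only(` block opens above this hunk, and the last `neverallow {` continues below it.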
@@ -496,6 +479,7 @@
-appdomain
-coredata_in_vendor_violators
} system_data_file:dir ~search;
+
')
# On full TREBLE devices, socket communications between core components and vendor components are