Merge "Allow traced_probes to list the system partition"
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index fb4a9e6..261fc6d 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -10,6 +10,7 @@
(type reboot_data_file)
(type tracing_shell_writable)
(type tracing_shell_writable_debug)
+(type webview_zygote_socket)
(typeattributeset accessibility_service_26_0 (accessibility_service))
(typeattributeset account_service_26_0 (account_service))
diff --git a/private/file_contexts b/private/file_contexts
index 10a8a71..f05d005 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -157,7 +157,6 @@
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
/dev/socket/vold u:object_r:vold_socket:s0
-/dev/socket/webview_zygote u:object_r:webview_zygote_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
/dev/socket/zygote u:object_r:zygote_socket:s0
@@ -276,8 +275,6 @@
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
-/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
-/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 06ed2c8..a6276b3 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -108,7 +108,7 @@
neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
# Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote_socket:sock_file write;
+neverallow isolated_app webview_zygote:sock_file write;
# Limit the /sys files which isolated_app can access. This is important
# for controlling isolated_app attack surface.
diff --git a/private/statsd.te b/private/statsd.te
index 8874f73..e7af6c5 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -74,8 +74,8 @@
# Allow 'adb shell cmd' to upload configs and download output.
allow statsd adbd:fd use;
-allow statsd adbd:unix_stream_socket { read write };
-allow statsd shell:fifo_file read;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read };
###
### neverallow rules
diff --git a/private/system_server.te b/private/system_server.te
index 6e6212e..a52c5c7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -153,7 +153,6 @@
unix_socket_connect(system_server, mtpd, mtp)
unix_socket_connect(system_server, netd, netd)
unix_socket_connect(system_server, vold, vold)
-unix_socket_connect(system_server, webview_zygote, webview_zygote)
unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, racoon, racoon)
unix_socket_connect(system_server, uncrypt, uncrypt)
@@ -161,6 +160,9 @@
# Communicate over a socket created by surfaceflinger.
allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
# Perform Binder IPC.
binder_use(system_server)
binder_call(system_server, appdomain)
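Review bot: The added `allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };` grants access only to the socket object, whereas the `unix_socket_connect(system_server, webview_zygote, webview_zygote)` line it replaces in the previous hunk presumably also covered write on the socket's filesystem node; the `neverallow { domain -system_server } webview_zygote:sock_file write;` carve-out in domain.te suggests system_server is still expected to hold `allow system_server webview_zygote:sock_file write;` if the socket is reached through a path rather than an inherited fd. If the socket is in fact passed as a descriptor or lives in the abstract namespace, no sock_file rule is needed and the system_server exception in that neverallow could be narrowed instead. Either way the comment on the new rule should say how system_server reaches the socket, e.g. `# Communicate over the socket created by webview_zygote (connected by path / via inherited fd).`, since the macro expansion this relies on is not visible in the diff.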
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index e092112..c9a401a 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -6,9 +6,7 @@
# The webview_zygote needs to be able to transition domains.
typeattribute webview_zygote mlstrustedsubject;
-# When init launches the WebView zygote's executable, transition the
-# resulting process into webview_zygote domain.
-init_daemon_domain(webview_zygote)
+tmpfs_domain(webview_zygote);
# Allow reading/executing installed binaries to enable preloading the
# installed WebView implementation.
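Review bot: The added `tmpfs_domain(webview_zygote);` carries a trailing semicolon that no other macro invocation in this change has (`unix_socket_connect(...)`, `binder_use(...)` and `binder_call(...)` in system_server.te are all written without one); write it as `tmpfs_domain(webview_zygote)` for consistency. The macro body terminates its own rules, so the extra character is at best an empty statement and depends on the policy parser tolerating it. Removing `init_daemon_domain` also removes the only comment explaining how a process enters this domain; a line such as `# webview_zygote is entered only by a fork from the zygote (see the neverallow rules below).` above the macro would keep that visible at the top of the file.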
@@ -84,9 +82,8 @@
# Having said that, exec() above is not allowed.
neverallow webview_zygote *:file execute_no_trans;
-# The only way to enter this domain is for init to exec() us or the zygote
-# to fork a new webview_zygote child.
-neverallow { domain -init } webview_zygote:process transition;
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
neverallow { domain -zygote } webview_zygote:process dyntransition;
# Disallow write access to properties.
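Review bot: Dropping `neverallow { domain -init } webview_zygote:process transition;` leaves exec-based entry into the domain unconstrained by any neverallow, while the rewritten comment above states that a fork from the zygote is the only way in; now that init no longer execs the binary, the tighter `neverallow domain webview_zygote:process transition;` would enforce what the comment claims. The remaining `dyntransition` rule covers only setcon-style transitions, so without an exec-transition rule a future `domain_auto_trans` into webview_zygote would pass the policy checks unnoticed. If some path still needs an exec transition, it is better named explicitly in the exception set than left open.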
diff --git a/public/domain.te b/public/domain.te
index dc967f3..eb66b30 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1022,7 +1022,7 @@
neverallow { domain -system_server } zygote_socket:sock_file write;
neverallow { domain -system_server -webview_zygote } webview_zygote:unix_stream_socket connectto;
-neverallow { domain -system_server } webview_zygote_socket:sock_file write;
+neverallow { domain -system_server } webview_zygote:sock_file write;
neverallow {
domain
diff --git a/public/file.te b/public/file.te
index 27ee0dc..c6b4ba8 100644
--- a/public/file.te
+++ b/public/file.te
@@ -331,7 +331,6 @@
type traced_consumer_socket, file_type, coredomain_socket;
type uncrypt_socket, file_type, coredomain_socket;
type vold_socket, file_type, coredomain_socket;
-type webview_zygote_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file