Rem /vendor app neverallow to get vendor services

This CL changes a neverallow for /vendor apps accessing vendor_service.
Originally, /vendor apps ({appdomain -coredomain}) were disallowed from
accessing all AIDL services since they are platform implementation
details that may change over time, and these apps run in a system
context. However, now, vendor services can be stable. So, in order to
give the flexibility needed for vendor framework components installed to
the /vendor partition to access AIDL HALs, opening this up.

Bug: 163478173
Test: build (validates neverallows)
Change-Id: Ic2280021e875671ad99e3f1ba820c6e4408fd645
diff --git a/public/domain.te b/public/domain.te
index 1ac6770..35f03ee 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -661,16 +661,20 @@
 full_treble_only(`
   # Vendor apps are permited to use only stable public services. If they were to use arbitrary
   # services which can change any time framework/core is updated, breakage is likely.
+  #
+  # Note, this same logic applies to untrusted apps, but neverallows for these are separate.
   neverallow {
     appdomain
     -coredomain
   } {
     service_manager_type
+
     -app_api_service
+    -vendor_service # must be @VintfStability to be used by an app
     -ephemeral_app_api_service
+
     -audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
     -cameraserver_service
-    -hal_gnss_service # TODO(b/169256910) remove once all violators are gone
     -drmserver_service
     -credstore_service
     -keystore_service
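Review bot: the new exemption line `-vendor_service # must be @VintfStability to be used by an app` states a requirement that this neverallow does not enforce. The rule subtracts the whole `vendor_service` attribute, so every service carrying that label becomes reachable by `{ appdomain -coredomain }` as far as this rule is concerned, whether or not its interface is stable. Please expand the comment to say where the stability requirement is actually checked, or narrow the exemption if it is not checked anywhere. Separately, this hunk drops `-hal_gnss_service # TODO(b/169256910) remove once all violators are gone`, which the commit message does not mention. Please add a line there explaining why it is safe to remove (violators gone, or the type is now covered by `vendor_service`), so that a later neverallow build failure can be traced back to this change.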