system_server: (eng builds) remove JIT capabilities
23cde8776b94ff2228f3a8d845d41052af52319e removed JIT capabilities
from system_server for user and userdebug builds. Remove the capability
from eng builds to be consistent across build types.
Add a neverallow rule (compile time assertion + CTS test) to verify
this doesn't regress on our devices or partner devices.
Bug: 23468805
Bug: 24915206
Change-Id: Ib2154255c611b8812aa1092631a89bc59a27514b
diff --git a/system_server.te b/system_server.te
index 4ab42d6..b176243 100644
--- a/system_server.te
+++ b/system_server.te
@@ -7,13 +7,6 @@
# Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server)
-eng(`
- # JIT mappings
- allow system_server self:process execmem;
- allow system_server ashmem_device:chr_file execute;
- allow system_server system_server_tmpfs:file execute;
-')
-
# For art.
allow system_server dalvikcache_data_file:file execute;
allow system_server dalvikcache_data_file:dir r_dir_perms;
@@ -472,3 +465,8 @@
# the frp_block_device. This helps avoid a system_server to root
# escalation by writing to raw block devices.
neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;
+
+# system_server should never use JIT functionality
+neverallow system_server self:process execmem;
+neverallow system_server ashmem_device:chr_file execute;
+neverallow system_server system_server_tmpfs:file execute;
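Review bot: The three neverallow rules close only the exact permissions the eng() block granted (execmem, ashmem_device execute, system_server_tmpfs execute), so the comment on the preceding line should say that this is the assertion counterpart of that removal and name the bug references, otherwise a later reader sees three isolated denials with no link to the JIT decision; something like `# system_server should never use JIT functionality (see Bug: 23468805, Bug: 24915206); these assert the eng() JIT mappings removed above stay removed`. Note that `self:process execmod` is not covered, so a text-relocated mapping would still be permitted by this assertion alone, which is presumably either intentional or already handled by a global rule outside this file; worth confirming before relying on the CTS test as the regression guard. The surrounding file context (for example whether a domain-wide execmem neverallow exists) is outside the hunk.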