commit 9c778045b2e687b0141eb0ed0f3ae583bf3695c4
author Tom Cherry <tomcherry@google.com> Thu Jan 25 11:31:09 2018 -0800
committer Jeffrey Vander Stoep <jeffv@google.com> Mon Jan 29 18:07:41 2018 +0000
tree d74603f4423b2377d37b22f363df3c103730265e
parent 03ba44532697a54dd19722c519294445eec51d9a

Remove vendor_init from coredomain

vendor_init exists on the system partition, but it is meant to be an
extention of init that runs with vendor permissions for executing
vendor scripts, therefore it is not meant to be in coredomain.

Bug: 62875318
Test: boot walleye
Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6
Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6

private/coredomain.te

diff --git a/private/coredomain.te b/private/coredomain.te
index 84d7a8f..23224c3 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -10,7 +10,6 @@
 
     # generic access to sysfs_type
     -ueventd
-    -vendor_init
     -vold
 } sysfs_leds:file *;
 ')

private/domain.te

diff --git a/private/domain.te b/private/domain.te
index dae40d2..46d3189 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -25,7 +25,6 @@
   neverallow {
     coredomain
     -vold
-    -vendor_init
   } proc:file no_rw_file_perms;
 
   # /sys
@@ -34,7 +33,6 @@
     -init
     -ueventd
     -vold
-    -vendor_init
   } sysfs:file no_rw_file_perms;
 
   # /dev
@@ -43,7 +41,6 @@
     -fsck
     -init
     -ueventd
-    -vendor_init
   } device:{ blk_file file } no_rw_file_perms;
 
   # debugfs
@@ -52,7 +49,6 @@
     -dumpstate
     -init
     -system_server
-    -vendor_init
   } debugfs:file no_rw_file_perms;
 
   # tracefs
@@ -65,14 +61,12 @@
     userdebug_or_eng(`-traced_probes')
     -shell
     userdebug_or_eng(`-traceur_app')
-    -vendor_init
   } debugfs_tracing:file no_rw_file_perms;
 
   # inotifyfs
   neverallow {
     coredomain
     -init
-    -vendor_init
   } inotify:file no_rw_file_perms;
 
   # pstorefs
@@ -89,7 +83,6 @@
     -recovery_refresh
     -shell
     -system_server
-    -vendor_init
   } pstorefs:file no_rw_file_perms;
 
   # configfs
@@ -97,7 +90,6 @@
     coredomain
     -init
     -system_server
-    -vendor_init
   } configfs:file no_rw_file_perms;
 
   # functionfs
@@ -106,13 +98,11 @@
     -adbd
     -init
     -mediaprovider
-    -vendor_init
   }functionfs:file no_rw_file_perms;
 
   # usbfs and binfmt_miscfs
   neverallow {
     coredomain
     -init
-    -vendor_init
   }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
 ')

private/vendor_init.te

diff --git a/private/vendor_init.te b/private/vendor_init.te
index 5d97f72..50efc22 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -1,5 +1,3 @@
-typeattribute vendor_init coredomain;
-
 # Creating files on sysfs is impossible so this isn't a threat
 # Sometimes we have to write to non-existent files to avoid conditional
 # init behavior. See b/35303861 for an example.

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index 9b4fc74..308311c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -718,6 +718,7 @@
     -coredomain
     -appdomain # appdomain restrictions below
     -socket_between_core_and_vendor_violators
+    -vendor_init
   } {
     coredomain_socket
     core_data_file_type
@@ -741,7 +742,6 @@
     -init
     -ueventd
     -socket_between_core_and_vendor_violators
-    -vendor_init
   } {
     file_type
     dev_type
@@ -767,7 +767,6 @@
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
-    -vendor_init
   } {
     data_file_type
     -core_data_file_type
@@ -777,7 +776,6 @@
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
-    -vendor_init
     } {
       data_file_type
       -core_data_file_type
@@ -838,7 +836,6 @@
         userdebug_or_eng(`-perfprofd')
         -postinstall_dexopt
         -system_server
-        -vendor_init
     } vendor_app_file:dir { open read getattr search };
 
     neverallow {
@@ -851,7 +848,6 @@
         userdebug_or_eng(`-perfprofd')
         -postinstall_dexopt
         -system_server
-        -vendor_init
     } vendor_app_file:{ file lnk_file } r_file_perms;
 
     # Limit access to /vendor/overlay
@@ -863,7 +859,6 @@
         -installd
         -system_server
         -zygote
-        -vendor_init
     } vendor_overlay_file:dir { getattr open read search };
 
     neverallow {
@@ -874,7 +869,6 @@
         -installd
         -system_server
         -zygote
-        -vendor_init
     } vendor_overlay_file:{ file lnk_file } r_file_perms;
 
     # Non-vendor domains are not allowed to file execute shell
@@ -882,7 +876,6 @@
     neverallow {
         coredomain
         -init
-        -vendor_init
         -shell
     } vendor_shell_exec:file { execute execute_no_trans };
 
@@ -908,7 +901,6 @@
       coredomain
       -init
       -system_executes_vendor_violators
-      -vendor_init
     } {
       vendor_file_type
       -same_process_hal_file
@@ -1217,6 +1209,5 @@
     -ueventd
     -crash_dump
     -perfprofd
-    -vendor_init
   } vendor_file:file { create_file_perms x_file_perms };
 ')

tests/treble_sepolicy_tests.py

diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 3c5c535..2f9e994 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -38,6 +38,7 @@
         'postinstall_dexopt',
         'recovery',
         'system_server',
+        'vendor_init',
         }
 coredomainWhitelist |= coreAppdomain