Merge "Remove unused wificond sepolicy privilges" into oc-dev
diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index 5813d32..5e756fc 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -1,4 +1,4 @@
-/data/lib(/.*)? u:object_r:system_file:s0
-/data/lib64(/.*)? u:object_r:system_file:s0
-/data/vendor/lib(/.*)? u:object_r:system_file:s0
-/data/vendor/lib64(/.*)? u:object_r:system_file:s0
+/data/asan/system/lib(/.*)? u:object_r:system_file:s0
+/data/asan/system/lib64(/.*)? u:object_r:system_file:s0
+/data/asan/vendor/lib(/.*)? u:object_r:system_file:s0
+/data/asan/vendor/lib64(/.*)? u:object_r:system_file:s0
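Review bot: Nothing in this file says it is meant for ASAN builds only, and the hunk header shows these four entries are the whole file. Each entry gives paths on the writable /data partition the `system_file` label, the same label used for system libraries, so a reader needs to know the file must not be merged into a production file_contexts. I would add a header such as `# ASAN builds only: sanitized libraries are installed under /data/asan; do not include in non-ASAN images.` It is also worth confirming, outside this diff, which domains are allowed to write under /data/asan.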
diff --git a/public/attributes b/public/attributes
index 9f42c9a..b1d83d0 100644
--- a/public/attributes
+++ b/public/attributes
@@ -45,6 +45,10 @@
# data outside /data/vendor.
# TODO(b/34980020): Remove this once there are no violations
attribute coredata_in_vendor_violators;
+# All core domains which violate the requirement of not accessing vendor
+# owned data.
+# TODO(b/34980020): Remove this once there are no violations
+attribute vendordata_in_core_violators;
# All types use for sysfs files.
attribute sysfs_type;
diff --git a/public/dhcp.te b/public/dhcp.te
index 6b9fb4a..c18b08d 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -1,6 +1,5 @@
type dhcp, domain, domain_deprecated;
type dhcp_exec, exec_type, file_type;
-type dhcp_data_file, file_type, data_file_type;
net_domain(dhcp)
diff --git a/public/domain.te b/public/domain.te
index fc4db7e..30b3a98 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -106,8 +106,8 @@
allow domain sysfs:lnk_file read;
# libc references /data/misc/zoneinfo for timezone related information
-not_full_treble(`r_dir_file(domain, zoneinfo_data_file)')
-r_dir_file({ coredomain appdomain }, zoneinfo_data_file)
+# This directory is considered to be a VNDK-stable
+r_dir_file(domain, zoneinfo_data_file)
# Lots of processes access current CPU information
r_dir_file(domain, sysfs_devices_system_cpu)
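Review bot: The added comment `# This directory is considered to be a VNDK-stable` stops mid-sentence, and it does not say that the rule below now grants read access to every domain, vendor domains on full-Treble devices included. Wording such as `# /data/misc/zoneinfo is treated as a VNDK-stable interface (read through libc), so all domains, vendor included, may read it.` states the widening explicitly. The `-zoneinfo_data_file` exemptions added to the two vendor neverallow rules later in this file rest on the same reasoning, so the comment should be the one place that justifies it.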
@@ -491,7 +491,10 @@
-coredomain
-appdomain
-coredata_in_vendor_violators
- } core_data_file_type:{
+ }
+ core_data_file_type
+ -zoneinfo_data_file # VNDK stable API provided by libc
+ :{
file_class_set
} ~{ append getattr ioctl read write };
# do not allow vendor component access to coredomains data directories.
@@ -502,13 +505,36 @@
-coredomain
-appdomain
-coredata_in_vendor_violators
- } { core_data_file_type -system_data_file }:dir *;
+ } {
+ core_data_file_type
+ -system_data_file
+ -zoneinfo_data_file # VNDK stable API provided by libc
+ }:dir *;
neverallow {
domain
-coredomain
-appdomain
-coredata_in_vendor_violators
} system_data_file:dir ~search;
+ # do not allow coredomains to directly access vendor data. Exempt init
+ # because it is responsible for dir/file creation in init.rc scripts.
+ # Also exempt halclientdomain to exclude rules for passthrough mode.
+ neverallow {
+ coredomain
+ -halclientdomain
+ -init
+ -vendordata_in_core_violators
+ } {
+ data_file_type
+ -core_data_file_type
+ }:file_class_set ~{ append getattr ioctl read write };
+ # do not allow coredomain to access vendor data directories.
+ neverallow {
+ coredomain
+ -halclientdomain
+ -init
+ -vendordata_in_core_violators
+ } { data_file_type -core_data_file_type }:dir *;
')
# On full TREBLE devices, socket communications between core components and vendor components are
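Review bot: The `-halclientdomain` exemption in both new neverallow rules looks broader than the reason the comment gives: it removes every HAL client domain from the rule, not only those that load a passthrough HAL, so the rules may end up constraining few core domains (how many is not visible here). I would mark it as temporary, e.g. `# TODO: drop -halclientdomain once passthrough mode is gone; it exempts all HAL clients.` The first rule also leaves `append getattr ioctl read write` allowed, so a coredomain can still use a vendor data file handed over as an open descriptor; a comment like `# fd-passing stays allowed; only open/create and other path-based access is denied` would make that intent explicit. Because `data_file_type -core_data_file_type` treats any type lacking the `core_data_file_type` attribute as vendor data, a core type that is missing the attribute will trip these rules, which is presumably why `dhcp_data_file` gains it in public/file.te. The enclosing macro block and the first neverallow start above the hunk.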
diff --git a/public/file.te b/public/file.te
index 1634e33..f7f91df 100644
--- a/public/file.te
+++ b/public/file.te
@@ -135,6 +135,8 @@
type preloads_data_file, file_type, data_file_type, core_data_file_type;
# /data/preloads/media
type preloads_media_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/dhcp and /data/misc/dhcp-6.8.2
+type dhcp_data_file, file_type, data_file_type, core_data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;