Merge "sepolicy: allow apps to execute libs embedded inside vendor apk" into oc-dev
diff --git a/Android.mk b/Android.mk
index dd37341..b7db00b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -10,7 +10,7 @@
 # is made which breaks compatibility with the previous platform sepolicy version,
 # not just on every increase in PLATFORM_SDK_VERSION.  The minor version should
 # be reset to 0 on every bump of the PLATFORM_SDK_VERSION.
-sepolicy_major_vers := 25
+sepolicy_major_vers := 26
 sepolicy_minor_vers := 0
 
 ifneq ($(sepolicy_major_vers), $(PLATFORM_SDK_VERSION))
diff --git a/private/attributes b/private/attributes
new file mode 100644
index 0000000..fcbfecf
--- /dev/null
+++ b/private/attributes
@@ -0,0 +1,9 @@
+# Temporary attribute used for migrating permissions out of domain.
+# Motivation: Domain is overly permissive. Start removing permissions
+# from domain and assign them to the domain_deprecated attribute.
+# Domain_deprecated and domain can initially be assigned to all
+# domains. The goal is to not assign domain_deprecated to new domains
+# and to start removing domain_deprecated where it's not required or
+# reassigning the appropriate permissions to the inheriting domain
+# when necessary.
+attribute domain_deprecated;
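Review bot: The comment is carried over verbatim from public/attributes and still does not say what moving the declaration under private/ changes, namely that (as I read the public/private split in this tree) vendor policy can no longer see or assign the attribute. That is exactly what this same change relies on when it strips domain_deprecated from rild and vendor/tee.te, so a maintainer reading only this file has no way to know why a vendor domain cannot be given it. I would append a line such as `# Private to platform policy: vendor domains cannot be assigned this attribute and must be granted the permissions they need explicitly.`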
diff --git a/private/clatd.te b/private/clatd.te
index 5ba0fc5..c09398d 100644
--- a/private/clatd.te
+++ b/private/clatd.te
@@ -1 +1,2 @@
 typeattribute clatd coredomain;
+typeattribute clatd domain_deprecated;
diff --git a/private/dex2oat.te b/private/dex2oat.te
index fd45484..89c3970 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
@@ -1 +1,2 @@
 typeattribute dex2oat coredomain;
+typeattribute dex2oat domain_deprecated;
diff --git a/private/dhcp.te b/private/dhcp.te
index b2f8ac7..6a6a139 100644
--- a/private/dhcp.te
+++ b/private/dhcp.te
@@ -1,4 +1,5 @@
 typeattribute dhcp coredomain;
+typeattribute dhcp domain_deprecated;
 
 init_daemon_domain(dhcp)
 type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/public/domain_deprecated.te b/private/domain_deprecated.te
similarity index 98%
rename from public/domain_deprecated.te
rename to private/domain_deprecated.te
index 7a26bec..aefb724 100644
--- a/public/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -79,7 +79,6 @@
   -fingerprintd
   -installd
   -keystore
-  -rild
   -surfaceflinger
   -system_server
   -update_engine
@@ -193,7 +192,6 @@
   domain_deprecated
   -fsck
   -fsck_untrusted
-  -rild
   -sdcardd
   -system_server
   -update_engine
@@ -203,7 +201,6 @@
   domain_deprecated
   -fsck
   -fsck_untrusted
-  -rild
   -system_server
   -vold
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
@@ -213,7 +210,6 @@
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -227,7 +223,6 @@
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -241,7 +236,6 @@
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -259,7 +253,6 @@
   -installd
   -keystore
   -netd
-  -rild
   -surfaceflinger
   -system_server
   -zygote
@@ -274,7 +267,6 @@
   -installd
   -keystore
   -netd
-  -rild
   -surfaceflinger
   -system_server
   -zygote
diff --git a/private/dumpstate.te b/private/dumpstate.te
index b8f8152..0fe2adf 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -1,4 +1,5 @@
 typeattribute dumpstate coredomain;
+typeattribute dumpstate domain_deprecated;
 
 init_daemon_domain(dumpstate)
 
diff --git a/private/fingerprintd.te b/private/fingerprintd.te
index eb73ef8..0c1dfaa 100644
--- a/private/fingerprintd.te
+++ b/private/fingerprintd.te
@@ -1,3 +1,4 @@
 typeattribute fingerprintd coredomain;
+typeattribute fingerprintd domain_deprecated;
 
 init_daemon_domain(fingerprintd)
diff --git a/private/fsck.te b/private/fsck.te
index 3a36329..e846797 100644
--- a/private/fsck.te
+++ b/private/fsck.te
@@ -1,3 +1,4 @@
 typeattribute fsck coredomain;
+typeattribute fsck domain_deprecated;
 
 init_daemon_domain(fsck)
diff --git a/private/fsck_untrusted.te b/private/fsck_untrusted.te
index 9a57bf0..2a1a39f 100644
--- a/private/fsck_untrusted.te
+++ b/private/fsck_untrusted.te
@@ -1 +1,2 @@
 typeattribute fsck_untrusted coredomain;
+typeattribute fsck_untrusted domain_deprecated;
diff --git a/private/installd.te b/private/installd.te
index f74843d..d726e7d 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -1,4 +1,5 @@
 typeattribute installd coredomain;
+typeattribute installd domain_deprecated;
 
 init_daemon_domain(installd)
 
diff --git a/private/keystore.te b/private/keystore.te
index a9647c6..1e56338 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -1,4 +1,5 @@
 typeattribute keystore coredomain;
+typeattribute keystore domain_deprecated;
 
 init_daemon_domain(keystore)
 
diff --git a/private/mtp.te b/private/mtp.te
index 732e111..3cfda0b 100644
--- a/private/mtp.te
+++ b/private/mtp.te
@@ -1,3 +1,4 @@
 typeattribute mtp coredomain;
+typeattribute mtp domain_deprecated;
 
 init_daemon_domain(mtp)
diff --git a/private/netd.te b/private/netd.te
index f501f25..3a824af 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -1,4 +1,5 @@
 typeattribute netd coredomain;
+typeattribute netd domain_deprecated;
 
 init_daemon_domain(netd)
 
diff --git a/private/perfprofd.te b/private/perfprofd.te
index 9c249fd..a655f1d 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -1,4 +1,5 @@
 userdebug_or_eng(`
   typeattribute perfprofd coredomain;
+  typeattribute perfprofd domain_deprecated;
   init_daemon_domain(perfprofd)
 ')
diff --git a/private/ppp.te b/private/ppp.te
index 968b221..9b301f4 100644
--- a/private/ppp.te
+++ b/private/ppp.te
@@ -1,3 +1,4 @@
 typeattribute ppp coredomain;
+typeattribute ppp domain_deprecated;
 
 domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/private/radio.te b/private/radio.te
index b4f5390..83b5b41 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -1,4 +1,5 @@
 typeattribute radio coredomain;
+typeattribute radio domain_deprecated;
 
 app_domain(radio)
 
diff --git a/private/recovery.te b/private/recovery.te
index 2a7fdc7..b7b2847 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -1 +1,2 @@
 typeattribute recovery coredomain;
+typeattribute recovery domain_deprecated;
diff --git a/private/runas.te b/private/runas.te
index ef31aac..73a91ff 100644
--- a/private/runas.te
+++ b/private/runas.te
@@ -1,4 +1,5 @@
 typeattribute runas coredomain;
+typeattribute runas domain_deprecated;
 
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)
diff --git a/private/sdcardd.te b/private/sdcardd.te
index 126d643..ac6bb4e 100644
--- a/private/sdcardd.te
+++ b/private/sdcardd.te
@@ -1,3 +1,4 @@
 typeattribute sdcardd coredomain;
+typeattribute sdcardd domain_deprecated;
 
 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/private/shared_relro.te b/private/shared_relro.te
index 02f7206..8d06294 100644
--- a/private/shared_relro.te
+++ b/private/shared_relro.te
@@ -1,4 +1,5 @@
 typeattribute shared_relro coredomain;
+typeattribute shared_relro domain_deprecated;
 
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.
diff --git a/private/system_server.te b/private/system_server.te
index f391aa5..925c82d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -181,6 +181,7 @@
 hal_client_domain(system_server, hal_ir)
 hal_client_domain(system_server, hal_light)
 hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_oemlock)
 allow system_server hal_omx_hwservice:hwservice_manager find;
 allow system_server hidl_token_hwservice:hwservice_manager find;
 hal_client_domain(system_server, hal_power)
@@ -191,6 +192,7 @@
 hal_client_domain(system_server, hal_usb)
 hal_client_domain(system_server, hal_vibrator)
 hal_client_domain(system_server, hal_vr)
+hal_client_domain(system_server, hal_weaver)
 hal_client_domain(system_server, hal_wifi)
 hal_client_domain(system_server, hal_wifi_supplicant)
 
diff --git a/private/ueventd.te b/private/ueventd.te
index 1bd6773..0df587f 100644
--- a/private/ueventd.te
+++ b/private/ueventd.te
@@ -1,3 +1,4 @@
 typeattribute ueventd coredomain;
+typeattribute ueventd domain_deprecated;
 
 tmpfs_domain(ueventd)
diff --git a/private/uncrypt.te b/private/uncrypt.te
index e4e9224..fde686b 100644
--- a/private/uncrypt.te
+++ b/private/uncrypt.te
@@ -1,3 +1,4 @@
 typeattribute uncrypt coredomain;
+typeattribute uncrypt domain_deprecated;
 
 init_daemon_domain(uncrypt)
diff --git a/private/update_engine.te b/private/update_engine.te
index 5af7db6..f460272 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -1,3 +1,4 @@
 typeattribute update_engine coredomain;
+typeattribute update_engine domain_deprecated;
 
 init_daemon_domain(update_engine);
diff --git a/private/vold.te b/private/vold.te
index a6d1001..f2416f8 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -1,4 +1,5 @@
 typeattribute vold coredomain;
+typeattribute vold domain_deprecated;
 
 init_daemon_domain(vold)
 
diff --git a/public/attributes b/public/attributes
index c449a08..c9c3f8b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -10,16 +10,6 @@
 # All types used for processes.
 attribute domain;
 
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;
-
 # All types used for filesystems.
 # On change, update CHECK_FC_ASSERT_ATTRS
 # definition in tools/checkfc.c.
@@ -232,6 +222,9 @@
 attribute hal_nfc;
 attribute hal_nfc_client;
 attribute hal_nfc_server;
+attribute hal_oemlock;
+attribute hal_oemlock_client;
+attribute hal_oemlock_server;
 attribute hal_power;
 attribute hal_power_client;
 attribute hal_power_server;
@@ -259,6 +252,9 @@
 attribute hal_vr;
 attribute hal_vr_client;
 attribute hal_vr_server;
+attribute hal_weaver;
+attribute hal_weaver_client;
+attribute hal_weaver_server;
 attribute hal_wifi;
 attribute hal_wifi_client;
 attribute hal_wifi_server;
diff --git a/public/clatd.te b/public/clatd.te
index 8632087..212b76e 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -1,5 +1,5 @@
 # 464xlat daemon
-type clatd, domain, domain_deprecated;
+type clatd, domain;
 type clatd_exec, exec_type, file_type;
 
 net_domain(clatd)
diff --git a/public/dex2oat.te b/public/dex2oat.te
index cc8111f..47f3bcb 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -1,5 +1,5 @@
 # dex2oat
-type dex2oat, domain, domain_deprecated;
+type dex2oat, domain;
 type dex2oat_exec, exec_type, file_type;
 
 r_dir_file(dex2oat, apk_data_file)
diff --git a/public/dhcp.te b/public/dhcp.te
index 22351ed..2b54b7f 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -1,4 +1,4 @@
-type dhcp, domain, domain_deprecated;
+type dhcp, domain;
 type dhcp_exec, exec_type, file_type;
 
 net_domain(dhcp)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 503f359..4f66ffb 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -1,5 +1,5 @@
 # dumpstate
-type dumpstate, domain, domain_deprecated, mlstrustedsubject;
+type dumpstate, domain, mlstrustedsubject;
 type dumpstate_exec, exec_type, file_type;
 
 net_domain(dumpstate)
diff --git a/public/fingerprintd.te b/public/fingerprintd.te
index 57cde1d..5dd18a3 100644
--- a/public/fingerprintd.te
+++ b/public/fingerprintd.te
@@ -1,4 +1,4 @@
-type fingerprintd, domain, domain_deprecated;
+type fingerprintd, domain;
 type fingerprintd_exec, exec_type, file_type;
 
 binder_use(fingerprintd)
diff --git a/public/fsck.te b/public/fsck.te
index 8f3b17a..b682a87 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -1,5 +1,5 @@
 # Any fsck program run by init
-type fsck, domain, domain_deprecated;
+type fsck, domain;
 type fsck_exec, exec_type, file_type;
 
 # /dev/__null__ created by init prior to policy load,
diff --git a/public/fsck_untrusted.te b/public/fsck_untrusted.te
index a9dd805..e2aceb8 100644
--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -1,5 +1,5 @@
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain, domain_deprecated;
+type fsck_untrusted, domain;
 
 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
diff --git a/public/hal_camera.te b/public/hal_camera.te
index 3c15e85..413a057 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -32,6 +32,5 @@
 # hal_camera should never need network access. Disallow network sockets.
 neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
 
-# Only camera HAL may directly access the camera and video hardware
+# Only camera HAL may directly access the camera hardware
 neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
-neverallow { halserverdomain -coredomain -hal_camera_server } video_device:chr_file *;
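Review bot: Deleting the `neverallow { halserverdomain -coredomain -hal_camera_server } video_device:chr_file *;` line removes the only build-time assertion that kept vendor HAL servers other than the camera HAL away from the video device nodes, and the hunk offers neither a replacement nor a rationale beyond trimming "and video" from the comment. If some other HAL server legitimately needs video_device (presumably a codec HAL; system_server.te in this change references `hal_omx_hwservice`), the narrower change is to add that server attribute to the exclusion set and keep the rule, with the comment updated to name both HALs. As written, any vendor domain tagged halserverdomain can now be granted video_device access without the policy build or CTS neverallow checks flagging it.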
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
new file mode 100644
index 0000000..dcbb964
--- /dev/null
+++ b/public/hal_oemlock.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+# binder_call(hal_oemlock_client, hal_oemlock_server)
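Review bot: The only rule in this new file, `binder_call(hal_oemlock_client, hal_oemlock_server)`, is commented out, so the `hal_client_domain(system_server, hal_oemlock)` added in this same change gives system_server the client attribute but no permission to actually reach the server over HwBinder. Either enable the macro or leave a comment stating why it is disabled and what has to land before it can be turned on; a bare commented-out rule reads as an oversight to the next maintainer. Other HALs in this tree appear to register a hwservice type (system_server.te references `hal_omx_hwservice:hwservice_manager find`), so a matching `hal_oemlock_hwservice` type and find rule are presumably needed as well — confirm against the existing hal_*.te files.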
diff --git a/public/hal_weaver.te b/public/hal_weaver.te
new file mode 100644
index 0000000..1910cf1
--- /dev/null
+++ b/public/hal_weaver.te
@@ -0,0 +1,2 @@
+# HwBinder IPC from client to server
+# binder_call(hal_weaver_client, hal_weaver_server)
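Review bot: This file declares no active rule at all: `binder_call(hal_weaver_client, hal_weaver_server)` is commented out, so the client attribute that `hal_client_domain(system_server, hal_weaver)` assigns elsewhere in this change carries no IPC permission with it. If the intent is to land the attributes first and the allow rules later, say so in the file, e.g. `# IPC rules intentionally disabled until the weaver HAL server domain is defined` (adjust to the real reason); otherwise uncomment the macro. Weaver is a credential-protection HAL, so an accidentally inert policy here is likely to surface as a hard-to-diagnose denial on the lock-screen path rather than as a build failure.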
diff --git a/public/installd.te b/public/installd.te
index 359356a..939a481 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -1,5 +1,5 @@
 # installer daemon
-type installd, domain, domain_deprecated;
+type installd, domain;
 type installd_exec, exec_type, file_type;
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };
diff --git a/public/keystore.te b/public/keystore.te
index 2c31185..ee5e675 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -1,4 +1,4 @@
-type keystore, domain, domain_deprecated;
+type keystore, domain;
 type keystore_exec, exec_type, file_type;
 
 # keystore daemon
diff --git a/public/mtp.te b/public/mtp.te
index 0ca7cea..a776240 100644
--- a/public/mtp.te
+++ b/public/mtp.te
@@ -1,5 +1,5 @@
 # vpn tunneling protocol manager
-type mtp, domain, domain_deprecated;
+type mtp, domain;
 type mtp_exec, exec_type, file_type;
 
 net_domain(mtp)
diff --git a/public/netd.te b/public/netd.te
index 1694aec..691887f 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -1,5 +1,5 @@
 # network manager
-type netd, domain, domain_deprecated, mlstrustedsubject;
+type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index f0df6a0..bfb8693 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -4,7 +4,6 @@
 
 userdebug_or_eng(`
 
-  typeattribute perfprofd domain_deprecated;
   typeattribute perfprofd coredomain;
   typeattribute perfprofd mlstrustedsubject;
 
diff --git a/public/ppp.te b/public/ppp.te
index 918ef5e..04e17f5 100644
--- a/public/ppp.te
+++ b/public/ppp.te
@@ -1,5 +1,5 @@
 # Point to Point Protocol daemon
-type ppp, domain, domain_deprecated;
+type ppp, domain;
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
 
diff --git a/public/radio.te b/public/radio.te
index f5604fd..87329d9 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -1,5 +1,5 @@
 # phone subsystem
-type radio, domain, domain_deprecated, mlstrustedsubject;
+type radio, domain, mlstrustedsubject;
 
 net_domain(radio)
 bluetooth_domain(radio)
diff --git a/public/recovery.te b/public/recovery.te
index f0ac97d..f55dc8a 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -2,7 +2,7 @@
 
 # Declare the domain unconditionally so we can always reference it
 # in neverallow rules.
-type recovery, domain, domain_deprecated;
+type recovery, domain;
 
 # But the allow rules are only included in the recovery policy.
 # Otherwise recovery is only allowed the domain rules.
diff --git a/public/rild.te b/public/rild.te
index e4b0186..14420df 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,5 @@
 # rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain;
 hal_server_domain(rild, hal_telephony)
 
 net_domain(rild)
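Review bot: rild loses domain_deprecated here and, unlike the coredomain daemons in this change, receives no `typeattribute rild domain_deprecated;` in a private/*.te file; with the attribute now declared under private/, vendor policy cannot re-add it either. Any access rild previously obtained only through domain_deprecated is therefore now denied — the several `-rild` exclusions dropped from domain_deprecated.te show it was covered — and nothing in the diff adds compensating rules to rild.te. Please confirm rild was exercised under the new policy and its denials triaged, and record the intent, e.g. `# rild is a vendor domain and must not rely on domain_deprecated; grant needed permissions explicitly below.` The rest of rild.te continues outside the hunk.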
diff --git a/public/runas.te b/public/runas.te
index 046165d..cda02ef 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -1,4 +1,4 @@
-type runas, domain, domain_deprecated, mlstrustedsubject;
+type runas, domain, mlstrustedsubject;
 type runas_exec, exec_type, file_type;
 
 allow runas adbd:process sigchld;
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 3cb69be..47a2f80 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -1,4 +1,4 @@
-type sdcardd, domain, domain_deprecated;
+type sdcardd, domain;
 type sdcardd_exec, exec_type, file_type;
 
 allow sdcardd cgroup:dir create_dir_perms;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 9794b0b..91cf44d 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -1,5 +1,5 @@
 # Process which creates/updates shared RELRO files to be used by other apps.
-type shared_relro, domain, domain_deprecated;
+type shared_relro, domain;
 
 # Grant write access to the shared relro files/directory.
 allow shared_relro shared_relro_file:dir rw_dir_perms;
diff --git a/public/ueventd.te b/public/ueventd.te
index 8ec667e..4c77e11 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -1,6 +1,6 @@
 # ueventd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type ueventd, domain, domain_deprecated;
+type ueventd, domain;
 
 # Write to /dev/kmsg.
 allow ueventd kmsg_device:chr_file rw_file_perms;
diff --git a/public/uncrypt.te b/public/uncrypt.te
index ef1289c..7ae7d39 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -1,5 +1,5 @@
 # uncrypt
-type uncrypt, domain, domain_deprecated, mlstrustedsubject;
+type uncrypt, domain, mlstrustedsubject;
 type uncrypt_exec, exec_type, file_type;
 
 allow uncrypt self:capability dac_override;
diff --git a/public/update_engine.te b/public/update_engine.te
index 69ee7c8..b8f0035 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -1,5 +1,5 @@
 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated, update_engine_common;
+type update_engine, domain, update_engine_common;
 type update_engine_exec, exec_type, file_type;
 
 net_domain(update_engine);
diff --git a/public/vold.te b/public/vold.te
index 20181d1..81ee28c 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -1,5 +1,5 @@
 # volume manager
-type vold, domain, domain_deprecated;
+type vold, domain;
 type vold_exec, exec_type, file_type;
 
 # Read already opened /cache files.
diff --git a/vendor/tee.te b/vendor/tee.te
index f7c2cb5..348d715 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -1,8 +1,6 @@
 ##
 # trusted execution environment (tee) daemon
 #
-typeattribute tee domain_deprecated;
-
 type tee_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(tee)
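Review bot: Removing `typeattribute tee domain_deprecated;` is forced by moving the attribute under private/, where vendor/ policy cannot reference it, but it also strips tee of every permission that attribute carried and the hunk adds nothing in its place. Because this is a vendor domain for the trusted execution environment daemon, any newly missing access will only show up as a runtime denial, not as a policy build error. Please confirm tee's denials were checked with the new policy, and note the reason for the removal in the header comment, e.g. `# tee is a vendor domain: domain_deprecated is platform-private and no longer applies here.`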