Remove rules for starting the webview_zygote as a child of init.
The webview_zygote is now launched as a child-zygote process from the
main zygote process.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Change-Id: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 84a34cf..4cffaab 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -11,6 +11,7 @@
(type tracing_shell_writable)
(type tracing_shell_writable_debug)
(type vold_socket)
+(type webview_zygote_socket)
(typeattributeset accessibility_service_26_0 (accessibility_service))
(typeattributeset account_service_26_0 (account_service))
diff --git a/private/file_contexts b/private/file_contexts
index 540757d..7450f98 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -155,7 +155,6 @@
/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
-/dev/socket/webview_zygote u:object_r:webview_zygote_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
/dev/socket/zygote u:object_r:zygote_socket:s0
@@ -274,8 +273,6 @@
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
-/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
-/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 06ed2c8..a6276b3 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -108,7 +108,7 @@
neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
# Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote_socket:sock_file write;
+neverallow isolated_app webview_zygote:sock_file write;
# Limit the /sys files which isolated_app can access. This is important
# for controlling isolated_app attack surface.
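Review bot: The rewritten rule `neverallow isolated_app webview_zygote:sock_file write;` keeps class `sock_file` but now targets the process domain `webview_zygote`, so it probably matches no object. Nothing in this commit labels a socket file with that type, and the `/dev/socket/webview_zygote` entry is removed from file_contexts. The system_server.te hunk grants `connectto` on `webview_zygote:unix_stream_socket` with no sock_file write, which suggests the control socket is no longer a filesystem node. If so, the restriction that still protects it is on the stream socket, e.g. `neverallow isolated_app webview_zygote:unix_stream_socket connectto;`, after confirming no existing isolated_app allow rule conflicts. The comment `# Restrict the webview_zygote control socket.` should then say which socket object is meant.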
diff --git a/private/system_server.te b/private/system_server.te
index 6d485ff..02d01f4 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -152,7 +152,6 @@
unix_socket_connect(system_server, lmkd, lmkd)
unix_socket_connect(system_server, mtpd, mtp)
unix_socket_connect(system_server, netd, netd)
-unix_socket_connect(system_server, webview_zygote, webview_zygote)
unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, racoon, racoon)
unix_socket_connect(system_server, uncrypt, uncrypt)
@@ -160,6 +159,9 @@
# Communicate over a socket created by surfaceflinger.
allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
# Perform Binder IPC.
binder_use(system_server)
binder_call(system_server, appdomain)
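Review bot: The comment `# Communicate over a socket created by webview_zygote.` mirrors the surfaceflinger rule above it, but this rule also grants `connectto`. That means system_server initiates the connection rather than only using a descriptor handed to it. Because the line replaces the removed `unix_socket_connect(system_server, webview_zygote, webview_zygote)`, the comment should explain why the macro no longer fits, for example `# Connect to the control socket webview_zygote listens on; there is no /dev/socket node for it now that init does not start it.` The "no node" part is inferred from the file_contexts removal and should be confirmed before it goes into the comment.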
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index e092112..a637a8b 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -6,9 +6,9 @@
# The webview_zygote needs to be able to transition domains.
typeattribute webview_zygote mlstrustedsubject;
-# When init launches the WebView zygote's executable, transition the
-# resulting process into webview_zygote domain.
-init_daemon_domain(webview_zygote)
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(webview_zygote);
# Allow reading/executing installed binaries to enable preloading the
# installed WebView implementation.
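Review bot: `tmpfs_domain(webview_zygote);` ends with a semicolon, while every other macro call visible in this commit has none (`init_daemon_domain(webview_zygote)`, `unix_socket_connect(...)`, `binder_use(system_server)`). Write `tmpfs_domain(webview_zygote)` so that macro expansion does not leave a stray empty statement and the file stays consistent. The new comment says the access is "normally permitted through a domain macro" without naming it. If that macro is the removed `init_daemon_domain`, say so: `# init_daemon_domain() used to provide this; request it directly now that init no longer starts this domain.`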
@@ -84,9 +84,8 @@
# Having said that, exec() above is not allowed.
neverallow webview_zygote *:file execute_no_trans;
-# The only way to enter this domain is for init to exec() us or the zygote
-# to fork a new webview_zygote child.
-neverallow { domain -init } webview_zygote:process transition;
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
neverallow { domain -zygote } webview_zygote:process dyntransition;
# Disallow write access to properties.
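Review bot: Deleting `neverallow { domain -init } webview_zygote:process transition;` leaves no neverallow on `transition` into this domain, so the updated comment's claim that the zygote fork is the only entry is enforced only for `dyntransition`. Now that init is no longer an exception, the rule can be tightened instead of dropped: `neverallow domain webview_zygote:process transition;`. That keeps a later allow rule from quietly re-introducing an exec-based entry path into a domain that is `mlstrustedsubject`. The neverallow block continues outside this hunk.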