Merge changes from topic 'add_vendor_shell_toybox' into oc-dev

* changes:
  suppress audit logs from rild's access to core domain through system()
  sepolicy: auditallow vendor components to execute files from /system
  vendor_shell: add sepolicy for vendor shell
  toolbox: add sepolicy for vendor toybox
  Do not allow priv_apps to scan all exec files
diff --git a/private/priv_app.te b/private/priv_app.te
index ad8ab46..bb7598e 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -31,6 +31,7 @@
 allow priv_app mediaextractor_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;
 allow priv_app nfc_service:service_manager find;
+allow priv_app oem_lock_service:service_manager find;
 allow priv_app radio_service:service_manager find;
 allow priv_app surfaceflinger_service:service_manager find;
 allow priv_app app_api_service:service_manager find;
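Review bot: The added `allow priv_app oem_lock_service:service_manager find;` makes the OEM lock service discoverable from every privileged app, and nothing in the hunk records which app needs it. Because the type is declared with `system_api_service` in the public/service.te hunk, check whether this file already carries `allow priv_app system_api_service:service_manager find;` beyond the hunk's context; if it does, the new line is redundant and can be dropped. If it is kept, a one-line comment naming the requesting privileged app would document the grant, and since `find` is discoverability rather than authorization, it is worth confirming that the service enforces its own caller permission check, as that is what bounds exposure from the remaining priv_apps.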
diff --git a/private/service_contexts b/private/service_contexts
index 03bfe26..8ba1b0c 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -105,6 +105,7 @@
 network_time_update_service               u:object_r:network_time_update_service:s0
 nfc                                       u:object_r:nfc_service:s0
 notification                              u:object_r:notification_service:s0
+oem_lock                                  u:object_r:oem_lock_service:s0
 otadexopt                                 u:object_r:otadexopt_service:s0
 overlay                                   u:object_r:overlay_service:s0
 package                                   u:object_r:package_service:s0
diff --git a/public/attributes b/public/attributes
index e120c8f..2d5db7f 100644
--- a/public/attributes
+++ b/public/attributes
@@ -44,15 +44,6 @@
 # All types in /vendor
 attribute vendor_file_type;
 
-# All vendor domains which violate the requirement of not accessing
-# data outside /data/vendor.
-# TODO(b/34980020): Remove this once there are no violations
-attribute coredata_in_vendor_violators;
-# All core domains which violate the requirement of not accessing vendor
-# owned data.
-# TODO(b/34980020): Remove this once there are no violations
-attribute vendordata_in_core_violators;
-
 # All types use for sysfs files.
 attribute sysfs_type;
 
diff --git a/public/domain.te b/public/domain.te
index 5b20c81..24e21e6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -545,64 +545,6 @@
   } servicemanager:binder { call transfer };
 ')
 
-##
-# On full TREBLE devices core android components and vendor components may
-# not directly access each other's data types. All communication must occur
-# over HW binder. Open file descriptors may be passed and read/write/stat
-# operations my be performed on those FDs. Disallow all other operations.
-full_treble_only(`
-  # do not allow vendor component access to coredomains data types
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  }
-    core_data_file_type
-    -zoneinfo_data_file # Stable API provided by libc
-  :{
-    file_class_set
-  } ~{ append getattr ioctl read write };
-  # do not allow vendor component access to coredomains data directories.
-  # /data has the system_data_file type. Allow all domains to have dir
-  # search permissions which allows path traversal.
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  } {
-    core_data_file_type
-    -system_data_file
-    -zoneinfo_data_file # Stable API provided by libc
-  }:dir *;
-  neverallow {
-    domain
-    -coredomain
-    -appdomain
-    -coredata_in_vendor_violators
-  } system_data_file:dir ~search;
-  # do not allow coredomains to directly access vendor data. Exempt init
-  # because it is responsible for dir/file creation in init.rc scripts.
-  # Also exempt halclientdomain to exclude rules for passthrough mode.
-  neverallow {
-    coredomain
-    -halclientdomain
-    -init
-    -vendordata_in_core_violators
-  } {
-    data_file_type
-    -core_data_file_type
-  }:file_class_set ~{ append getattr ioctl read write };
-  # do not allow coredomain to access vendor data directories.
-  neverallow {
-    coredomain
-    -halclientdomain
-    -init
-    -vendordata_in_core_violators
-    } { data_file_type -core_data_file_type }:dir *;
-')
-
 # On full TREBLE devices, socket communications between core components and vendor components are
 # not permitted.
 full_treble_only(`
diff --git a/public/mediacodec.te b/public/mediacodec.te
index b8cde80..c67078b 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -8,7 +8,14 @@
 # and use macro hal_server_domain
 get_prop(mediacodec, hwservicemanager_prop)
 
-binder_use(mediacodec)
+full_treble_only(`
+    # on full-Treble devices, route all /dev/binder traffic to /dev/vndbinder
+    vndbinder_use(mediacodec)
+')
+not_full_treble(`
+    # on legacy devices, continue to allow /dev/binder traffic
+    binder_use(mediacodec)
+')
 binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)
 binder_service(mediacodec)
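Review bot: `binder_call(mediacodec, binderservicedomain)`, `binder_call(mediacodec, appdomain)` and `binder_service(mediacodec)` stay unconditional below the new `full_treble_only`/`not_full_treble` split, so on full-Treble devices mediacodec loses `binder_use` but keeps the framework- and app-facing binder grants, which may be wider than the vndbinder configuration needs. If those grants are only required on legacy devices, move them into the `not_full_treble` block next to `binder_use(mediacodec)`; if they are still required alongside `vndbinder_use`, a short comment stating why would spare the next reader the same question. The new comment `# on full-Treble devices, route all /dev/binder traffic to /dev/vndbinder` also overstates what policy can do — it grants vndbinder access and withholds the /dev/binder grant rather than routing anything — so `# on full-Treble devices, grant only /dev/vndbinder; /dev/binder access is not allowed` is more accurate.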
diff --git a/public/rild.te b/public/rild.te
index 77f146b..e4b0186 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -19,9 +19,6 @@
 allow rild shell_exec:file rx_file_perms;
 allow rild bluetooth_efs_file:file r_file_perms;
 allow rild bluetooth_efs_file:dir r_dir_perms;
-# TODO (b/36601950) remove RILD's access to radio_data_file and
-# system_data_file. Remove coredata_in_vendor_violators attribute.
-typeattribute rild coredata_in_vendor_violators;
 allow rild radio_data_file:dir rw_dir_perms;
 allow rild radio_data_file:file create_file_perms;
 allow rild sdcard_type:dir r_dir_perms;
diff --git a/public/service.te b/public/service.te
index 96a692a..efd4c86 100644
--- a/public/service.te
+++ b/public/service.te
@@ -98,6 +98,7 @@
 type network_score_service, system_api_service, system_server_service, service_manager_type;
 type network_time_update_service, system_server_service, service_manager_type;
 type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type oem_lock_service, system_api_service, system_server_service, service_manager_type;
 type otadexopt_service, system_server_service, service_manager_type;
 type overlay_service, system_server_service, service_manager_type;
 type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index a10a6cf..9c38819 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -7,7 +7,3 @@
 hal_client_domain(hal_audio_default, hal_allocator)
 
 typeattribute hal_audio_default socket_between_core_and_vendor_violators;
-# TODO (b/36601590) move hal_audio's data file to
-# /data/vendor/hardware/hal_audio. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_audio_default coredata_in_vendor_violators;
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 60b6a5c..8f86a27 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -3,8 +3,3 @@
 
 type hal_camera_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_camera_default)
-
-# TODO (b/36601397) move hal_camera's data file to
-# /data/vendor/hardware/hal_camera. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_camera_default coredata_in_vendor_violators;
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index 3aeec06..b79c3b5 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,8 +6,3 @@
 
 allow hal_drm_default mediacodec:fd use;
 allow hal_drm_default { appdomain -isolated_app }:fd use;
-
-# TODO (b/36601695) remove hal_drm's access to /data or move to
-# /data/vendor/hardware/hal_drm. Remove coredata_in_vendor_violators
-# attribute.
-typeattribute hal_drm_default coredata_in_vendor_violators;
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 322c104..638b603 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -3,7 +3,3 @@
 
 type hal_fingerprint_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_fingerprint_default)
-
-# TODO (b/36644492) move hal_fingerprint's data file to
-# /data/vendor/. Remove coredata_in_vendor_violators attribute.
-typeattribute hal_fingerprint_default coredata_in_vendor_violators;
diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te
index 2f1c092..6a1002f 100644
--- a/vendor/hal_nfc_default.te
+++ b/vendor/hal_nfc_default.te
@@ -4,8 +4,4 @@
 type hal_nfc_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_nfc_default)
 
-# TODO (b/36645109) Remove hal_nfc's access to the nfc app's
-# data type. Remove coredata_in_vendor_violators and
-# socket_between_core_and_vendor_violators attribute associations below.
-typeattribute hal_nfc_default coredata_in_vendor_violators;
 typeattribute hal_nfc_default socket_between_core_and_vendor_violators;
diff --git a/vendor/hal_tv_cec_default.te b/vendor/hal_tv_cec_default.te
index cf071e6..080e73b 100644
--- a/vendor/hal_tv_cec_default.te
+++ b/vendor/hal_tv_cec_default.te
@@ -1,5 +1,5 @@
 type hal_tv_cec_default, domain;
 hal_server_domain(hal_tv_cec_default, hal_tv_cec)
 
-type hal_tv_cec_default_exec, exec_type, file_type;
+type hal_tv_cec_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_tv_cec_default)
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index c2bdc73..62b03be 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -11,8 +11,3 @@
 # Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
 hwbinder_use(hal_wifi_supplicant_default)
 binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)
-
-# TODO (b/36645291) Move hal_wifi_supplicant's data access to /data/vendor
-# Remove coredata_in_vendor_violators attribute.
-# wpa supplicant or equivalent
-typeattribute hal_wifi_supplicant_default coredata_in_vendor_violators;
diff --git a/vendor/hostapd.te b/vendor/hostapd.te
index d20581e..2c62cf0 100644
--- a/vendor/hostapd.te
+++ b/vendor/hostapd.te
@@ -31,7 +31,3 @@
 allow hostapd hostapd_socket:dir create_dir_perms;
 # hostapd needs to create, bind to, read, and write its control socket.
 allow hostapd hostapd_socket:sock_file create_file_perms;
-
-# TODO (b/36646171) Move hostapd's data access to /data/vendor
-# Remove coredata_in_vendor_violators attribute.
-typeattribute hostapd coredata_in_vendor_violators;
diff --git a/vendor/tee.te b/vendor/tee.te
index e5e8b2d..f7c2cb5 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -15,7 +15,5 @@
 allow tee ion_device:chr_file r_file_perms;
 r_dir_file(tee, sysfs_type)
 
-# TODO(b/36720355): Remove this once tee no longer access non-vendor files
-typeattribute tee coredata_in_vendor_violators;
 allow tee system_data_file:file { getattr read };
 allow tee system_data_file:lnk_file r_file_perms;