Merge "Move domain_deprecated into private policy" into oc-dev am: 02a101a695

am: 35e09523a5

Change-Id: I728d32563d123fafd7c316f5ea5764a463876757

private/attributes

@@ -0,0 +1,9 @@
+# Temporary attribute used for migrating permissions out of domain.
+# Motivation: Domain is overly permissive. Start removing permissions
+# from domain and assign them to the domain_deprecated attribute.
+# Domain_deprecated and domain can initially be assigned to all
+# domains. The goal is to not assign domain_deprecated to new domains
+# and to start removing domain_deprecated where it's not required or
+# reassigning the appropriate permissions to the inheriting domain
+# when necessary.
+attribute domain_deprecated;

private/clatd.te

@@ -1 +1,2 @@
 typeattribute clatd coredomain;
+typeattribute clatd domain_deprecated;

private/dex2oat.te

@@ -1 +1,2 @@
 typeattribute dex2oat coredomain;
+typeattribute dex2oat domain_deprecated;

private/dhcp.te

@@ -1,4 +1,5 @@
 typeattribute dhcp coredomain;
+typeattribute dhcp domain_deprecated;
 
 init_daemon_domain(dhcp)
 type_transition dhcp system_data_file:{ dir file } dhcp_data_file;

private/domain_deprecated.te

@@ -79,7 +79,6 @@ auditallow {
   -fingerprintd
   -installd
   -keystore
-  -rild
   -surfaceflinger
   -system_server
   -update_engine
@@ -193,7 +192,6 @@ auditallow {
   domain_deprecated
   -fsck
   -fsck_untrusted
-  -rild
   -sdcardd
   -system_server
   -update_engine
@@ -203,7 +201,6 @@ auditallow {
   domain_deprecated
   -fsck
   -fsck_untrusted
-  -rild
   -system_server
   -vold
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
@@ -212,7 +209,6 @@ auditallow {
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -225,7 +221,6 @@ auditallow {
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -238,7 +233,6 @@ auditallow {
   -fingerprintd
   -healthd
   -netd
-  -rild
   -system_app
   -surfaceflinger
   -system_server
@@ -256,7 +250,6 @@ auditallow {
   -installd
   -keystore
   -netd
-  -rild
   -surfaceflinger
   -system_server
   -zygote
@@ -271,7 +264,6 @@ auditallow {
   -installd
   -keystore
   -netd
-  -rild
   -surfaceflinger
   -system_server
   -zygote

private/dumpstate.te

@@ -1,4 +1,5 @@
 typeattribute dumpstate coredomain;
+typeattribute dumpstate domain_deprecated;
 
 init_daemon_domain(dumpstate)
 

private/fingerprintd.te

@@ -1,3 +1,4 @@
 typeattribute fingerprintd coredomain;
+typeattribute fingerprintd domain_deprecated;
 
 init_daemon_domain(fingerprintd)

private/fsck.te

@@ -1,3 +1,4 @@
 typeattribute fsck coredomain;
+typeattribute fsck domain_deprecated;
 
 init_daemon_domain(fsck)

private/fsck_untrusted.te

@@ -1 +1,2 @@
 typeattribute fsck_untrusted coredomain;
+typeattribute fsck_untrusted domain_deprecated;

private/installd.te

@@ -1,4 +1,5 @@
 typeattribute installd coredomain;
+typeattribute installd domain_deprecated;
 
 init_daemon_domain(installd)
 

private/keystore.te

@@ -1,4 +1,5 @@
 typeattribute keystore coredomain;
+typeattribute keystore domain_deprecated;
 
 init_daemon_domain(keystore)
 

private/mtp.te

@@ -1,3 +1,4 @@
 typeattribute mtp coredomain;
+typeattribute mtp domain_deprecated;
 
 init_daemon_domain(mtp)

private/netd.te

@@ -1,4 +1,5 @@
 typeattribute netd coredomain;
+typeattribute netd domain_deprecated;
 
 init_daemon_domain(netd)
 

private/perfprofd.te

@@ -1,4 +1,5 @@
 userdebug_or_eng(`
   typeattribute perfprofd coredomain;
+  typeattribute perfprofd domain_deprecated;
   init_daemon_domain(perfprofd)
 ')

private/ppp.te

@@ -1,3 +1,4 @@
 typeattribute ppp coredomain;
+typeattribute ppp domain_deprecated;
 
 domain_auto_trans(mtp, ppp_exec, ppp)

private/radio.te

@@ -1,4 +1,5 @@
 typeattribute radio coredomain;
+typeattribute radio domain_deprecated;
 
 app_domain(radio)
 

private/recovery.te

@@ -1 +1,2 @@
 typeattribute recovery coredomain;
+typeattribute recovery domain_deprecated;

private/runas.te

@@ -1,4 +1,5 @@
 typeattribute runas coredomain;
+typeattribute runas domain_deprecated;
 
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)

private/sdcardd.te

@@ -1,3 +1,4 @@
 typeattribute sdcardd coredomain;
+typeattribute sdcardd domain_deprecated;
 
 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;

private/shared_relro.te

@@ -1,4 +1,5 @@
 typeattribute shared_relro coredomain;
+typeattribute shared_relro domain_deprecated;
 
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.

private/ueventd.te

@@ -1,3 +1,4 @@
 typeattribute ueventd coredomain;
+typeattribute ueventd domain_deprecated;
 
 tmpfs_domain(ueventd)

private/uncrypt.te

@@ -1,3 +1,4 @@
 typeattribute uncrypt coredomain;
+typeattribute uncrypt domain_deprecated;
 
 init_daemon_domain(uncrypt)

private/update_engine.te

@@ -1,3 +1,4 @@
 typeattribute update_engine coredomain;
+typeattribute update_engine domain_deprecated;
 
 init_daemon_domain(update_engine);

private/vold.te

@@ -1,4 +1,5 @@
 typeattribute vold coredomain;
+typeattribute vold domain_deprecated;
 
 init_daemon_domain(vold)
 

public/attributes

@@ -10,16 +10,6 @@ attribute dev_type;
 # All types used for processes.
 attribute domain;
 
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;
-
 # All types used for filesystems.
 # On change, update CHECK_FC_ASSERT_ATTRS
 # definition in tools/checkfc.c.

public/clatd.te

@@ -1,5 +1,5 @@
 # 464xlat daemon
-type clatd, domain, domain_deprecated;
+type clatd, domain;
 type clatd_exec, exec_type, file_type;
 
 net_domain(clatd)

public/dex2oat.te

@@ -1,5 +1,5 @@
 # dex2oat
-type dex2oat, domain, domain_deprecated;
+type dex2oat, domain;
 type dex2oat_exec, exec_type, file_type;
 
 r_dir_file(dex2oat, apk_data_file)

public/dhcp.te

@@ -1,4 +1,4 @@
-type dhcp, domain, domain_deprecated;
+type dhcp, domain;
 type dhcp_exec, exec_type, file_type;
 
 net_domain(dhcp)

public/dumpstate.te

@@ -1,5 +1,5 @@
 # dumpstate
-type dumpstate, domain, domain_deprecated, mlstrustedsubject;
+type dumpstate, domain, mlstrustedsubject;
 type dumpstate_exec, exec_type, file_type;
 
 net_domain(dumpstate)

public/fingerprintd.te

@@ -1,4 +1,4 @@
-type fingerprintd, domain, domain_deprecated;
+type fingerprintd, domain;
 type fingerprintd_exec, exec_type, file_type;
 
 binder_use(fingerprintd)

public/fsck.te

@@ -1,5 +1,5 @@
 # Any fsck program run by init
-type fsck, domain, domain_deprecated;
+type fsck, domain;
 type fsck_exec, exec_type, file_type;
 
 # /dev/__null__ created by init prior to policy load,

public/fsck_untrusted.te

@@ -1,5 +1,5 @@
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain, domain_deprecated;
+type fsck_untrusted, domain;
 
 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };

public/installd.te

@@ -1,5 +1,5 @@
 # installer daemon
-type installd, domain, domain_deprecated;
+type installd, domain;
 type installd_exec, exec_type, file_type;
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };

public/keystore.te

@@ -1,4 +1,4 @@
-type keystore, domain, domain_deprecated;
+type keystore, domain;
 type keystore_exec, exec_type, file_type;
 
 # keystore daemon

public/mtp.te

@@ -1,5 +1,5 @@
 # vpn tunneling protocol manager
-type mtp, domain, domain_deprecated;
+type mtp, domain;
 type mtp_exec, exec_type, file_type;
 
 net_domain(mtp)

public/netd.te

@@ -1,5 +1,5 @@
 # network manager
-type netd, domain, domain_deprecated, mlstrustedsubject;
+type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)

public/perfprofd.te

@@ -4,7 +4,6 @@ type perfprofd_exec, exec_type, file_type;
 
 userdebug_or_eng(`
 
-  typeattribute perfprofd domain_deprecated;
   typeattribute perfprofd coredomain;
   typeattribute perfprofd mlstrustedsubject;
 

public/ppp.te

@@ -1,5 +1,5 @@
 # Point to Point Protocol daemon
-type ppp, domain, domain_deprecated;
+type ppp, domain;
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
 

public/radio.te

@@ -1,5 +1,5 @@
 # phone subsystem
-type radio, domain, domain_deprecated, mlstrustedsubject;
+type radio, domain, mlstrustedsubject;
 
 net_domain(radio)
 bluetooth_domain(radio)

public/recovery.te

@@ -2,7 +2,7 @@
 
 # Declare the domain unconditionally so we can always reference it
 # in neverallow rules.
-type recovery, domain, domain_deprecated;
+type recovery, domain;
 
 # But the allow rules are only included in the recovery policy.
 # Otherwise recovery is only allowed the domain rules.

public/rild.te

@@ -1,5 +1,5 @@
 # rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain;
 hal_server_domain(rild, hal_telephony)
 
 net_domain(rild)

public/runas.te

@@ -1,4 +1,4 @@
-type runas, domain, domain_deprecated, mlstrustedsubject;
+type runas, domain, mlstrustedsubject;
 type runas_exec, exec_type, file_type;
 
 allow runas adbd:process sigchld;

public/sdcardd.te

@@ -1,4 +1,4 @@
-type sdcardd, domain, domain_deprecated;
+type sdcardd, domain;
 type sdcardd_exec, exec_type, file_type;
 
 allow sdcardd cgroup:dir create_dir_perms;

public/shared_relro.te

@@ -1,5 +1,5 @@
 # Process which creates/updates shared RELRO files to be used by other apps.
-type shared_relro, domain, domain_deprecated;
+type shared_relro, domain;
 
 # Grant write access to the shared relro files/directory.
 allow shared_relro shared_relro_file:dir rw_dir_perms;

public/ueventd.te

@@ -1,6 +1,6 @@
 # ueventd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type ueventd, domain, domain_deprecated;
+type ueventd, domain;
 
 # Write to /dev/kmsg.
 allow ueventd kmsg_device:chr_file rw_file_perms;

public/uncrypt.te

@@ -1,5 +1,5 @@
 # uncrypt
-type uncrypt, domain, domain_deprecated, mlstrustedsubject;
+type uncrypt, domain, mlstrustedsubject;
 type uncrypt_exec, exec_type, file_type;
 
 allow uncrypt self:capability dac_override;

public/update_engine.te

@@ -1,5 +1,5 @@
 # Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated, update_engine_common;
+type update_engine, domain, update_engine_common;
 type update_engine_exec, exec_type, file_type;
 
 net_domain(update_engine);

public/vold.te

@@ -1,5 +1,5 @@
 # volume manager
-type vold, domain, domain_deprecated;
+type vold, domain;
 type vold_exec, exec_type, file_type;
 
 # Read already opened /cache files.

vendor/tee.te

@@ -1,8 +1,6 @@
 ##
 # trusted execution environment (tee) daemon
 #
-typeattribute tee domain_deprecated;
-
 type tee_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(tee)