Merge "Move domain_deprecated into private policy" into oc-dev
am: 02a101a695
Change-Id: I0140009cfbf316489db4994b414ac079776ead21
35e09523a5
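--- /dev/null
+++ b/private/attributes
@@ -0,0 +1,9 @@
+# Temporary attribute used for migrating permissions out of domain.
+# Motivation: Domain is overly permissive. Start removing permissions
+# from domain and assign them to the domain_deprecated attribute.
+# Domain_deprecated and domain can initially be assigned to all
+# domains. The goal is to not assign domain_deprecated to new domains
+# and to start removing domain_deprecated where it's not required or
+# reassigning the appropriate permissions to the inheriting domain
+# when necessary.
+attribute domain_deprecated;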
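Review bot: The header comment carried over into the new private/attributes still describes domain_deprecated as something that "can initially be assigned to all domains", but once the attribute lives in private policy it is no longer visible to vendor policy, which is why vendor/tee.te drops its `typeattribute tee domain_deprecated;` in this same commit. A sentence making that boundary explicit would save the next maintainer a build break, e.g. `# domain_deprecated is private policy: vendor and device domains cannot reference it.` appended after the existing comment block. The matching removal from public/attributes is the hunk headed `@ -10,16 +10,6 @@ attribute dev_type;`, which carries the same comment text.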
@ -1 +1,2 @@
|
||||
typeattribute clatd coredomain;
|
||||
typeattribute clatd domain_deprecated;
|
||||
|
@ -1 +1,2 @@
|
||||
typeattribute dex2oat coredomain;
|
||||
typeattribute dex2oat domain_deprecated;
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute dhcp coredomain;
|
||||
typeattribute dhcp domain_deprecated;
|
||||
|
||||
init_daemon_domain(dhcp)
|
||||
type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
|
||||
|
@ -79,7 +79,6 @@ auditallow {
|
||||
-fingerprintd
|
||||
-installd
|
||||
-keystore
|
||||
-rild
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
-update_engine
|
||||
@ -193,7 +192,6 @@ auditallow {
|
||||
domain_deprecated
|
||||
-fsck
|
||||
-fsck_untrusted
|
||||
-rild
|
||||
-sdcardd
|
||||
-system_server
|
||||
-update_engine
|
||||
@ -203,7 +201,6 @@ auditallow {
|
||||
domain_deprecated
|
||||
-fsck
|
||||
-fsck_untrusted
|
||||
-rild
|
||||
-system_server
|
||||
-vold
|
||||
} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
|
||||
@ -212,7 +209,6 @@ auditallow {
|
||||
-fingerprintd
|
||||
-healthd
|
||||
-netd
|
||||
-rild
|
||||
-system_app
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
@ -225,7 +221,6 @@ auditallow {
|
||||
-fingerprintd
|
||||
-healthd
|
||||
-netd
|
||||
-rild
|
||||
-system_app
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
@ -238,7 +233,6 @@ auditallow {
|
||||
-fingerprintd
|
||||
-healthd
|
||||
-netd
|
||||
-rild
|
||||
-system_app
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
@ -256,7 +250,6 @@ auditallow {
|
||||
-installd
|
||||
-keystore
|
||||
-netd
|
||||
-rild
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
-zygote
|
||||
@ -271,7 +264,6 @@ auditallow {
|
||||
-installd
|
||||
-keystore
|
||||
-netd
|
||||
-rild
|
||||
-surfaceflinger
|
||||
-system_server
|
||||
-zygote
|
@ -1,4 +1,5 @@
|
||||
typeattribute dumpstate coredomain;
|
||||
typeattribute dumpstate domain_deprecated;
|
||||
|
||||
init_daemon_domain(dumpstate)
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute fingerprintd coredomain;
|
||||
typeattribute fingerprintd domain_deprecated;
|
||||
|
||||
init_daemon_domain(fingerprintd)
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute fsck coredomain;
|
||||
typeattribute fsck domain_deprecated;
|
||||
|
||||
init_daemon_domain(fsck)
|
||||
|
@ -1 +1,2 @@
|
||||
typeattribute fsck_untrusted coredomain;
|
||||
typeattribute fsck_untrusted domain_deprecated;
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute installd coredomain;
|
||||
typeattribute installd domain_deprecated;
|
||||
|
||||
init_daemon_domain(installd)
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute keystore coredomain;
|
||||
typeattribute keystore domain_deprecated;
|
||||
|
||||
init_daemon_domain(keystore)
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute mtp coredomain;
|
||||
typeattribute mtp domain_deprecated;
|
||||
|
||||
init_daemon_domain(mtp)
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute netd coredomain;
|
||||
typeattribute netd domain_deprecated;
|
||||
|
||||
init_daemon_domain(netd)
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
userdebug_or_eng(`
|
||||
typeattribute perfprofd coredomain;
|
||||
typeattribute perfprofd domain_deprecated;
|
||||
init_daemon_domain(perfprofd)
|
||||
')
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute ppp coredomain;
|
||||
typeattribute ppp domain_deprecated;
|
||||
|
||||
domain_auto_trans(mtp, ppp_exec, ppp)
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute radio coredomain;
|
||||
typeattribute radio domain_deprecated;
|
||||
|
||||
app_domain(radio)
|
||||
|
||||
|
@ -1 +1,2 @@
|
||||
typeattribute recovery coredomain;
|
||||
typeattribute recovery domain_deprecated;
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute runas coredomain;
|
||||
typeattribute runas domain_deprecated;
|
||||
|
||||
# ndk-gdb invokes adb shell run-as.
|
||||
domain_auto_trans(shell, runas_exec, runas)
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute sdcardd coredomain;
|
||||
typeattribute sdcardd domain_deprecated;
|
||||
|
||||
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute shared_relro coredomain;
|
||||
typeattribute shared_relro domain_deprecated;
|
||||
|
||||
# The shared relro process is a Java program forked from the zygote, so it
|
||||
# inherits from app to get basic permissions it needs to run.
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute ueventd coredomain;
|
||||
typeattribute ueventd domain_deprecated;
|
||||
|
||||
tmpfs_domain(ueventd)
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute uncrypt coredomain;
|
||||
typeattribute uncrypt domain_deprecated;
|
||||
|
||||
init_daemon_domain(uncrypt)
|
||||
|
@ -1,3 +1,4 @@
|
||||
typeattribute update_engine coredomain;
|
||||
typeattribute update_engine domain_deprecated;
|
||||
|
||||
init_daemon_domain(update_engine);
|
||||
|
@ -1,4 +1,5 @@
|
||||
typeattribute vold coredomain;
|
||||
typeattribute vold domain_deprecated;
|
||||
|
||||
init_daemon_domain(vold)
|
||||
|
||||
|
@ -10,16 +10,6 @@ attribute dev_type;
|
||||
# All types used for processes.
|
||||
attribute domain;
|
||||
|
||||
# Temporary attribute used for migrating permissions out of domain.
|
||||
# Motivation: Domain is overly permissive. Start removing permissions
|
||||
# from domain and assign them to the domain_deprecated attribute.
|
||||
# Domain_deprecated and domain can initially be assigned to all
|
||||
# domains. The goal is to not assign domain_deprecated to new domains
|
||||
# and to start removing domain_deprecated where it's not required or
|
||||
# reassigning the appropriate permissions to the inheriting domain
|
||||
# when necessary.
|
||||
attribute domain_deprecated;
|
||||
|
||||
# All types used for filesystems.
|
||||
# On change, update CHECK_FC_ASSERT_ATTRS
|
||||
# definition in tools/checkfc.c.
|
||||
|
@ -1,5 +1,5 @@
|
||||
# 464xlat daemon
|
||||
type clatd, domain, domain_deprecated;
|
||||
type clatd, domain;
|
||||
type clatd_exec, exec_type, file_type;
|
||||
|
||||
net_domain(clatd)
|
||||
|
@ -1,5 +1,5 @@
|
||||
# dex2oat
|
||||
type dex2oat, domain, domain_deprecated;
|
||||
type dex2oat, domain;
|
||||
type dex2oat_exec, exec_type, file_type;
|
||||
|
||||
r_dir_file(dex2oat, apk_data_file)
|
||||
|
@ -1,4 +1,4 @@
|
||||
type dhcp, domain, domain_deprecated;
|
||||
type dhcp, domain;
|
||||
type dhcp_exec, exec_type, file_type;
|
||||
|
||||
net_domain(dhcp)
|
||||
|
@ -1,5 +1,5 @@
|
||||
# dumpstate
|
||||
type dumpstate, domain, domain_deprecated, mlstrustedsubject;
|
||||
type dumpstate, domain, mlstrustedsubject;
|
||||
type dumpstate_exec, exec_type, file_type;
|
||||
|
||||
net_domain(dumpstate)
|
||||
|
@ -1,4 +1,4 @@
|
||||
type fingerprintd, domain, domain_deprecated;
|
||||
type fingerprintd, domain;
|
||||
type fingerprintd_exec, exec_type, file_type;
|
||||
|
||||
binder_use(fingerprintd)
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Any fsck program run by init
|
||||
type fsck, domain, domain_deprecated;
|
||||
type fsck, domain;
|
||||
type fsck_exec, exec_type, file_type;
|
||||
|
||||
# /dev/__null__ created by init prior to policy load,
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Any fsck program run on untrusted block devices
|
||||
type fsck_untrusted, domain, domain_deprecated;
|
||||
type fsck_untrusted, domain;
|
||||
|
||||
# Inherit and use pty created by android_fork_execvp_ext().
|
||||
allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
|
||||
|
@ -1,5 +1,5 @@
|
||||
# installer daemon
|
||||
type installd, domain, domain_deprecated;
|
||||
type installd, domain;
|
||||
type installd_exec, exec_type, file_type;
|
||||
typeattribute installd mlstrustedsubject;
|
||||
allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };
|
||||
|
@ -1,4 +1,4 @@
|
||||
type keystore, domain, domain_deprecated;
|
||||
type keystore, domain;
|
||||
type keystore_exec, exec_type, file_type;
|
||||
|
||||
# keystore daemon
|
||||
|
@ -1,5 +1,5 @@
|
||||
# vpn tunneling protocol manager
|
||||
type mtp, domain, domain_deprecated;
|
||||
type mtp, domain;
|
||||
type mtp_exec, exec_type, file_type;
|
||||
|
||||
net_domain(mtp)
|
||||
|
@ -1,5 +1,5 @@
|
||||
# network manager
|
||||
type netd, domain, domain_deprecated, mlstrustedsubject;
|
||||
type netd, domain, mlstrustedsubject;
|
||||
type netd_exec, exec_type, file_type;
|
||||
|
||||
net_domain(netd)
|
||||
|
@ -4,7 +4,6 @@ type perfprofd_exec, exec_type, file_type;
|
||||
|
||||
userdebug_or_eng(`
|
||||
|
||||
typeattribute perfprofd domain_deprecated;
|
||||
typeattribute perfprofd coredomain;
|
||||
typeattribute perfprofd mlstrustedsubject;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Point to Point Protocol daemon
|
||||
type ppp, domain, domain_deprecated;
|
||||
type ppp, domain;
|
||||
type ppp_device, dev_type;
|
||||
type ppp_exec, exec_type, file_type;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
# phone subsystem
|
||||
type radio, domain, domain_deprecated, mlstrustedsubject;
|
||||
type radio, domain, mlstrustedsubject;
|
||||
|
||||
net_domain(radio)
|
||||
bluetooth_domain(radio)
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# Declare the domain unconditionally so we can always reference it
|
||||
# in neverallow rules.
|
||||
type recovery, domain, domain_deprecated;
|
||||
type recovery, domain;
|
||||
|
||||
# But the allow rules are only included in the recovery policy.
|
||||
# Otherwise recovery is only allowed the domain rules.
|
||||
|
@ -1,5 +1,5 @@
|
||||
# rild - radio interface layer daemon
|
||||
type rild, domain, domain_deprecated;
|
||||
type rild, domain;
|
||||
hal_server_domain(rild, hal_telephony)
|
||||
|
||||
net_domain(rild)
|
||||
|
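Review bot: rild is reduced to `type rild, domain;` but, unlike every other public domain touched here, no private `typeattribute rild domain_deprecated;` appears anywhere on this page, so rild loses the domain_deprecated grants outright rather than having them moved; the same applies to tee, whose `typeattribute tee domain_deprecated;` is removed from vendor/tee.te. That is presumably deliberate, since `hal_server_domain(rild, hal_telephony)` on the next line marks rild as a vendor-side HAL server domain that cannot reference a private attribute, and each auditallow hunk headed `auditallow {` shrinks by exactly one line, consistent with its `-rild` exclusion being dropped, though the surviving lines do not show which one was removed. A comment above the type line would record the reasoning, e.g. `# rild is a vendor domain and cannot use the private domain_deprecated attribute.`. Since the permissions that only reached rild via domain_deprecated are now silently gone, it is worth checking a userdebug build for new rild denials before this lands. The auditallow blocks themselves start outside their hunks.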
@ -1,4 +1,4 @@
|
||||
type runas, domain, domain_deprecated, mlstrustedsubject;
|
||||
type runas, domain, mlstrustedsubject;
|
||||
type runas_exec, exec_type, file_type;
|
||||
|
||||
allow runas adbd:process sigchld;
|
||||
|
@ -1,4 +1,4 @@
|
||||
type sdcardd, domain, domain_deprecated;
|
||||
type sdcardd, domain;
|
||||
type sdcardd_exec, exec_type, file_type;
|
||||
|
||||
allow sdcardd cgroup:dir create_dir_perms;
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Process which creates/updates shared RELRO files to be used by other apps.
|
||||
type shared_relro, domain, domain_deprecated;
|
||||
type shared_relro, domain;
|
||||
|
||||
# Grant write access to the shared relro files/directory.
|
||||
allow shared_relro shared_relro_file:dir rw_dir_perms;
|
||||
|
@ -1,6 +1,6 @@
|
||||
# ueventd seclabel is specified in init.rc since
|
||||
# it lives in the rootfs and has no unique file type.
|
||||
type ueventd, domain, domain_deprecated;
|
||||
type ueventd, domain;
|
||||
|
||||
# Write to /dev/kmsg.
|
||||
allow ueventd kmsg_device:chr_file rw_file_perms;
|
||||
|
@ -1,5 +1,5 @@
|
||||
# uncrypt
|
||||
type uncrypt, domain, domain_deprecated, mlstrustedsubject;
|
||||
type uncrypt, domain, mlstrustedsubject;
|
||||
type uncrypt_exec, exec_type, file_type;
|
||||
|
||||
allow uncrypt self:capability dac_override;
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Domain for update_engine daemon.
|
||||
type update_engine, domain, domain_deprecated, update_engine_common;
|
||||
type update_engine, domain, update_engine_common;
|
||||
type update_engine_exec, exec_type, file_type;
|
||||
|
||||
net_domain(update_engine);
|
||||
|
@ -1,5 +1,5 @@
|
||||
# volume manager
|
||||
type vold, domain, domain_deprecated;
|
||||
type vold, domain;
|
||||
type vold_exec, exec_type, file_type;
|
||||
|
||||
# Read already opened /cache files.
|
||||
|
2
vendor/tee.te
vendored
2
vendor/tee.te
vendored
@ -1,8 +1,6 @@
|
||||
##
|
||||
# trusted execution environment (tee) daemon
|
||||
#
|
||||
typeattribute tee domain_deprecated;
|
||||
|
||||
type tee_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(tee)
|
||||
|
||||
|