platform_system_sepolicy/public/vendor_toolbox.te

# Toolbox installation for vendor binaries / scripts
# Non-vendor processes are not allowed to execute the binary
# and is always executed without transition.
type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;

# Do not allow domains to transition to vendor toolbox
# or read, execute the vendor_toolbox file.
full_treble_only(`
    # Do not allow non-vendor domains to transition
    # to vendor toolbox except for the allowlisted domains.
    neverallow {
        coredomain
        -init
        -modprobe
    } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
')
toolbox: add sepolicy for vendor toybox The vendor toybox MUST always be executed without transition and non-vendor processes are not allowed to execute the binary. Bug: 36463595 Test: Boot and test if system shell can run /vendor/bin/echo Result: requires 'su' Change-Id: Ifb9aa61f247f91fb870b99d60ac7f849ee9c6adc Signed-off-by: Sandeep Patil <sspatil@google.com> (cherry picked from commit c112cd18e8999c0242a2560219033231a0e19898) 2017-04-13 00:19:12 +02:00			`# Toolbox installation for vendor binaries / scripts`
			`# Non-vendor processes are not allowed to execute the binary`
			`# and is always executed without transition.`
			`type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;`

			`# Do not allow domains to transition to vendor toolbox`
			`# or read, execute the vendor_toolbox file.`
			full_treble_only(`
			`# Do not allow non-vendor domains to transition`
Update language to comply with Android's inclusive language guidance See https://source.android.com/setup/contribute/respectful-code for reference Bug: 161896447 Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff 2020-07-31 20:28:11 +02:00			`# to vendor toolbox except for the allowlisted domains.`
Allow init to run vendor toybox for modprobe vendor implementations need to be able to run modprobe as part of init.rc scripts. They cannot do so because of the strict neverallow currently in place that disallows all coredomains (including init) to execute vendor toybox. Fix this by adding init to the exception list for the neverallow so vendors can then run modprobe from .rc scripts and also add the rule to allow init to transition to modprobe domain using vendor_toolbox. Bug: b/38212864 Test: Boot sailfish Change-Id: Ib839246954e9002859f3ba986094f206bfead137 Signed-off-by: Sandeep Patil <sspatil@google.com> 2017-05-22 21:09:14 +02:00			`neverallow {`
			`coredomain`
			`-init`
			`-modprobe`
			`} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };`
toolbox: add sepolicy for vendor toybox The vendor toybox MUST always be executed without transition and non-vendor processes are not allowed to execute the binary. Bug: 36463595 Test: Boot and test if system shell can run /vendor/bin/echo Result: requires 'su' Change-Id: Ifb9aa61f247f91fb870b99d60ac7f849ee9c6adc Signed-off-by: Sandeep Patil <sspatil@google.com> (cherry picked from commit c112cd18e8999c0242a2560219033231a0e19898) 2017-04-13 00:19:12 +02:00			`')`