From 0547fb5ab2e34847daf9b2ec48805f8a9ff63db5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Kongstad?=
Date: Fri, 10 Jun 2022 12:58:21 +0200
Subject: [PATCH] Remove the last traces of idmap (replaced by idmap2)
Remove mention of the /system/bin/idmap binary: the file no longer exists. Remove interaction between the domains installd and idmap to interact: installd used to fork and exec the idmap binary, but the idmap2 binary has its own binder service.
Bug: 118711077
Bug: 119264713
Test: atest FrameworksServicesTests:com.android.server.om OverlayDeviceTests OverlayHostTests CtsAppSecurityHostTestCases:OverlayHostTest
Change-Id: I06d22057308984e43cb84ff365dbdd1864c7064b
---
 private/file_contexts | 1 -
 public/idmap.te | 7 +------
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/private/file_contexts b/private/file_contexts
index 549005996..e27cbe94c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -327,7 +327,6 @@
 /system/bin/blkid u:object_r:blkid_exec:s0
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
-/system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/idmap2(d)? u:object_r:idmap_exec:s0
 /system/bin/update_engine u:object_r:update_engine_exec:s0
 /system/bin/profcollectd u:object_r:profcollectd_exec:s0
diff --git a/public/idmap.te b/public/idmap.te
index f41f573ea..76ef6221a 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,15 +2,10 @@
 type idmap, domain;
 type idmap_exec, system_file_type, exec_type, file_type;
-# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
-# Use open file to /data/resource-cache file inherited from installd.
-allow idmap installd:fd use;
+# Allow read + write access to /data/resource-cache
 allow idmap resourcecache_data_file:file create_file_perms;
 allow idmap resourcecache_data_file:dir rw_dir_perms;
-# Ignore reading /proc//maps after a fork.
-dontaudit idmap installd:file read;
-
 # Open and read from target and overlay apk files passed by argument.
 allow idmap apk_data_file:file r_file_perms;
 allow idmap apk_data_file:dir search;
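Review bot: The added comment `# Allow read + write access to /data/resource-cache` understates the two rules beneath it, since `create_file_perms` also covers creating, renaming and unlinking files and `rw_dir_perms` lets the domain add and remove directory entries. A comment that matches the grant, for example `# Allow idmap to create, modify and delete files under /data/resource-cache.`, keeps a later audit of this domain from assuming a narrower permission set than the policy actually gives. Separately, the diffstat shows only `private/file_contexts` and `public/idmap.te` changing; if installd's policy still holds a transition into `idmap` or execute permission on `idmap_exec` (not visible in this patch), that rule should be dropped as well so the fork-and-exec path the commit message retires is closed on both sides.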