Merge "Relax neverallows for vendor to use /system/bin/sh" into android14-tests-dev

2024-03-06 06:18:53 +00:00 · 2024-03-06 06:18:53 +00:00 · a1260cfa21
commit a1260cfa21
parent 9dba1b8892 6ece857f4f
4 changed files with 26 additions and 2 deletions
--- a/prebuilts/api/34.0/public/domain.te
+++ b/prebuilts/api/34.0/public/domain.te
@ -904,6 +904,9 @@ full_treble_only(`
        -crash_dump_exec
        -netutils_wrapper_exec
        userdebug_or_eng(`-tcpdump_exec')
+        # Vendor components still can invoke shell commands via /system/bin/sh
+        -shell_exec
+        -toolbox_exec
    }:file { entrypoint execute execute_no_trans };
 ')

@ -984,6 +987,9 @@ full_treble_only(`
    -task_profiles_api_file
    -task_profiles_file
    userdebug_or_eng(`-tcpdump_exec')
+    # Vendor components still can invoke shell commands via /system/bin/sh
+    -shell_exec
+    -toolbox_exec
  }:file *;
 ')

--- a/prebuilts/api/34.0/public/hal_neverallows.te
+++ b/prebuilts/api/34.0/public/hal_neverallows.te
@ -83,7 +83,13 @@ neverallow {
  halserverdomain
  -hal_dumpstate_server
  -hal_telephony_server
-} { file_type fs_type }:file execute_no_trans;
+} {
+  file_type
+  fs_type
+  # May invoke shell commands via /system/bin/sh
+  -shell_exec
+  -toolbox_exec
+}:file execute_no_trans;
 # Do not allow a process other than init to transition into a HAL domain.
 neverallow { domain -init } halserverdomain:process transition;
 # Only allow transitioning to a domain by running its executable. Do not
--- a/public/domain.te
+++ b/public/domain.te
@ -908,6 +908,9 @@ full_treble_only(`
        -crash_dump_exec
        -netutils_wrapper_exec
        userdebug_or_eng(`-tcpdump_exec')
+        # Vendor components still can invoke shell commands via /system/bin/sh
+        -shell_exec
+        -toolbox_exec
    }:file { entrypoint execute execute_no_trans };
 ')

@ -988,6 +991,9 @@ full_treble_only(`
    -task_profiles_api_file
    -task_profiles_file
    userdebug_or_eng(`-tcpdump_exec')
+    # Vendor components still can invoke shell commands via /system/bin/sh
+    -shell_exec
+    -toolbox_exec
  }:file *;
 ')

--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@ -83,7 +83,13 @@ neverallow {
  halserverdomain
  -hal_dumpstate_server
  -hal_telephony_server
-} { file_type fs_type }:file execute_no_trans;
+} {
+  file_type
+  fs_type
+  # May invoke shell commands via /system/bin/sh
+  -shell_exec
+  -toolbox_exec
+}:file execute_no_trans;
 # Do not allow a process other than init to transition into a HAL domain.
 neverallow { domain -init } halserverdomain:process transition;
 # Only allow transitioning to a domain by running its executable. Do not