From cc39f637734a8d84bc861b649bfd109290c06401 Mon Sep 17 00:00:00 2001 
From: dcashman Date: Fri, 22 Jul 2016 13:13:11 -0700 Subject: [PATCH] Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c --- Android.mk | 96 ++++++++++++++----- access_vectors => private/access_vectors | 0 private/adbd.te | 3 + private/android_hardware_nfc_1_0_service.te | 2 + atrace.te => private/atrace.te | 0 private/audioserver.te | 3 + private/autoplay_app.te | 5 + private/bluetooth.te | 4 + private/bootanim.te | 3 + private/bootstat.te | 3 + private/cameraserver.te | 3 + private/cppreopts.te | 6 ++ private/debuggerd.te | 3 + private/dhcp.te | 4 + private/drmserver.te | 3 + private/dumpstate.te | 6 ++ file_contexts => private/file_contexts | 0 .../file_contexts_asan | 0 private/fingerprintd.te | 3 + fs_use => private/fs_use | 0 private/fsck.te | 3 + private/gatekeeperd.te | 3 + genfs_contexts => private/genfs_contexts | 0 private/hci_attach.te | 3 + private/hostapd.te | 3 + private/hwservicemanager.te | 3 + private/init.te | 18 ++++ .../initial_sid_contexts | 0 initial_sids => private/initial_sids | 0 private/inputflinger.te | 3 + private/install_recovery.te | 3 + 
private/installd.te | 12 +++ private/kernel.te | 3 + keys.conf => private/keys.conf | 0 private/keystore.te | 3 + private/lmkd.te | 3 + private/logd.te | 3 + .../mac_permissions.xml | 0 private/mdnsd.te | 3 + private/mediacodec.te | 3 + private/mediadrmserver.te | 3 + private/mediaextractor.te | 3 + private/mediaserver.te | 3 + mls => private/mls | 0 mls_macros => private/mls_macros | 0 private/mtp.te | 3 + private/netd.te | 9 ++ private/otapreopt_chroot.te | 4 + private/otapreopt_slot.te | 5 + perfprofd.te => private/perfprofd.te | 0 .../policy_capabilities | 0 port_contexts => private/port_contexts | 0 private/postinstall.te | 3 + private/postinstall_dexopt.te | 5 + private/ppp.te | 3 + .../property_contexts | 0 private/racoon.te | 3 + private/recovery_persist.te | 3 + private/recovery_refresh.te | 3 + private/rild.te | 3 + roles => private/roles | 0 private/runas.te | 4 + private/sdcardd.te | 3 + seapp_contexts => private/seapp_contexts | 0 security_classes => private/security_classes | 0 service_contexts => private/service_contexts | 0 private/servicemanager.te | 3 + su.te => private/su.te | 0 private/surfaceflinger.te | 3 + private/system_server.te | 6 ++ private/tee.te | 3 + private/toolbox.te | 3 + private/tzdatacheck.te | 3 + private/ueventd.te | 3 + private/uncrypt.te | 3 + private/update_engine.te | 3 + private/update_engine_common.te | 5 + private/update_verifier.te | 3 + users => private/users | 0 private/vdc.te | 3 + private/vold.te | 19 ++++ private/wifi_hal_legacy.te | 3 + private/wificond.te | 3 + private/wpa.te | 6 ++ private/zygote.te | 3 + adbd.te => public/adbd.te | 2 - .../android_hardware_nfc_1_0_service.te | 3 - app.te => public/app.te | 0 attributes => public/attributes | 0 audioserver.te => public/audioserver.te | 2 - autoplay_app.te => public/autoplay_app.te | 3 - .../binderservicedomain.te | 0 blkid.te => public/blkid.te | 0 .../blkid_untrusted.te | 0 bluetooth.te => public/bluetooth.te | 1 - .../bluetoothdomain.te | 0 
.../boot_control_hal.te | 0 bootanim.te => public/bootanim.te | 2 - bootstat.te => public/bootstat.te | 2 - cameraserver.te => public/cameraserver.te | 2 - clatd.te => public/clatd.te | 0 cppreopts.te => public/cppreopts.te | 6 -- debuggerd.te => public/debuggerd.te | 1 - device.te => public/device.te | 0 dex2oat.te => public/dex2oat.te | 0 dhcp.te => public/dhcp.te | 2 - dnsmasq.te => public/dnsmasq.te | 0 domain.te => public/domain.te | 0 .../domain_deprecated.te | 0 drmserver.te => public/drmserver.te | 1 - dumpstate.te => public/dumpstate.te | 4 - file.te => public/file.te | 0 fingerprintd.te => public/fingerprintd.te | 2 - fsck.te => public/fsck.te | 2 - fsck_untrusted.te => public/fsck_untrusted.te | 0 gatekeeperd.te => public/gatekeeperd.te | 1 - global_macros => public/global_macros | 0 hci_attach.te => public/hci_attach.te | 2 - healthd.te => public/healthd.te | 0 hostapd.te => public/hostapd.te | 2 +- .../hwservicemanager.te | 2 - idmap.te => public/idmap.te | 0 init.te => public/init.te | 16 ---- inputflinger.te => public/inputflinger.te | 1 - .../install_recovery.te | 2 - installd.te => public/installd.te | 11 --- ioctl_defines => public/ioctl_defines | 0 ioctl_macros => public/ioctl_macros | 0 isolated_app.te => public/isolated_app.te | 0 kernel.te => public/kernel.te | 2 - keystore.te => public/keystore.te | 1 - lmkd.te => public/lmkd.te | 2 - logd.te => public/logd.te | 2 - mdnsd.te => public/mdnsd.te | 1 - mediacodec.te => public/mediacodec.te | 2 - mediadrmserver.te => public/mediadrmserver.te | 2 - mediaextractor.te => public/mediaextractor.te | 2 - mediaserver.te => public/mediaserver.te | 1 - mtp.te => public/mtp.te | 1 - net.te => public/net.te | 0 netd.te => public/netd.te | 3 - neverallow_macros => public/neverallow_macros | 0 nfc.te => public/nfc.te | 0 .../otapreopt_chroot.te | 3 - otapreopt_slot.te => public/otapreopt_slot.te | 3 - platform_app.te => public/platform_app.te | 0 postinstall.te => public/postinstall.te | 2 - 
.../postinstall_dexopt.te | 4 - ppp.te => public/ppp.te | 1 - .../preopt2cachename.te | 0 priv_app.te => public/priv_app.te | 0 profman.te => public/profman.te | 0 property.te => public/property.te | 0 racoon.te => public/racoon.te | 1 - radio.te => public/radio.te | 0 recovery.te => public/recovery.te | 0 .../recovery_persist.te | 2 - .../recovery_refresh.te | 2 - rild.te => public/rild.te | 1 - runas.te => public/runas.te | 2 - sdcardd.te => public/sdcardd.te | 1 - service.te => public/service.te | 0 servicemanager.te => public/servicemanager.te | 2 - sgdisk.te => public/sgdisk.te | 0 shared_relro.te => public/shared_relro.te | 0 shell.te => public/shell.te | 0 slideshow.te => public/slideshow.te | 0 surfaceflinger.te => public/surfaceflinger.te | 1 - system_app.te => public/system_app.te | 0 system_server.te => public/system_server.te | 4 - te_macros => public/te_macros | 0 tee.te => public/tee.te | 1 - toolbox.te => public/toolbox.te | 2 - tzdatacheck.te => public/tzdatacheck.te | 2 - ueventd.te => public/ueventd.te | 1 - uncrypt.te => public/uncrypt.te | 2 - untrusted_app.te => public/untrusted_app.te | 0 update_engine.te => public/update_engine.te | 1 - .../update_engine_common.te | 3 - .../update_verifier.te | 2 - vdc.te => public/vdc.te | 2 - vold.te => public/vold.te | 18 ---- watchdogd.te => public/watchdogd.te | 0 .../wifi_hal_legacy.te | 3 - wificond.te => public/wificond.te | 2 - wpa.te => public/wpa.te | 3 - zygote.te => public/zygote.te | 1 - 187 files changed, 330 insertions(+), 184 deletions(-) rename access_vectors => private/access_vectors (100%) create mode 100644 private/adbd.te create mode 100644 private/android_hardware_nfc_1_0_service.te rename atrace.te => private/atrace.te (100%) create mode 100644 private/audioserver.te create mode 100644 private/autoplay_app.te create mode 100644 private/bluetooth.te create mode 100644 private/bootanim.te create mode 100644 private/bootstat.te create mode 100644 private/cameraserver.te create mode 100644 
private/cppreopts.te create mode 100644 private/debuggerd.te create mode 100644 private/dhcp.te create mode 100644 private/drmserver.te create mode 100644 private/dumpstate.te rename file_contexts => private/file_contexts (100%) rename file_contexts_asan => private/file_contexts_asan (100%) create mode 100644 private/fingerprintd.te rename fs_use => private/fs_use (100%) create mode 100644 private/fsck.te create mode 100644 private/gatekeeperd.te rename genfs_contexts => private/genfs_contexts (100%) create mode 100644 private/hci_attach.te create mode 100644 private/hostapd.te create mode 100644 private/hwservicemanager.te create mode 100644 private/init.te rename initial_sid_contexts => private/initial_sid_contexts (100%) rename initial_sids => private/initial_sids (100%) create mode 100644 private/inputflinger.te create mode 100644 private/install_recovery.te create mode 100644 private/installd.te create mode 100644 private/kernel.te rename keys.conf => private/keys.conf (100%) create mode 100644 private/keystore.te create mode 100644 private/lmkd.te create mode 100644 private/logd.te rename mac_permissions.xml => private/mac_permissions.xml (100%) create mode 100644 private/mdnsd.te create mode 100644 private/mediacodec.te create mode 100644 private/mediadrmserver.te create mode 100644 private/mediaextractor.te create mode 100644 private/mediaserver.te rename mls => private/mls (100%) rename mls_macros => private/mls_macros (100%) create mode 100644 private/mtp.te create mode 100644 private/netd.te create mode 100644 private/otapreopt_chroot.te create mode 100644 private/otapreopt_slot.te rename perfprofd.te => private/perfprofd.te (100%) rename policy_capabilities => private/policy_capabilities (100%) rename port_contexts => private/port_contexts (100%) create mode 100644 private/postinstall.te create mode 100644 private/postinstall_dexopt.te create mode 100644 private/ppp.te rename property_contexts => private/property_contexts (100%) create mode 100644 
private/racoon.te create mode 100644 private/recovery_persist.te create mode 100644 private/recovery_refresh.te create mode 100644 private/rild.te rename roles => private/roles (100%) create mode 100644 private/runas.te create mode 100644 private/sdcardd.te rename seapp_contexts => private/seapp_contexts (100%) rename security_classes => private/security_classes (100%) rename service_contexts => private/service_contexts (100%) create mode 100644 private/servicemanager.te rename su.te => private/su.te (100%) create mode 100644 private/surfaceflinger.te create mode 100644 private/system_server.te create mode 100644 private/tee.te create mode 100644 private/toolbox.te create mode 100644 private/tzdatacheck.te create mode 100644 private/ueventd.te create mode 100644 private/uncrypt.te create mode 100644 private/update_engine.te create mode 100644 private/update_engine_common.te create mode 100644 private/update_verifier.te rename users => private/users (100%) create mode 100644 private/vdc.te create mode 100644 private/vold.te create mode 100644 private/wifi_hal_legacy.te create mode 100644 private/wificond.te create mode 100644 private/wpa.te create mode 100644 private/zygote.te rename adbd.te => public/adbd.te (98%) rename android_hardware_nfc_1_0_service.te => public/android_hardware_nfc_1_0_service.te (89%) rename app.te => public/app.te (100%) rename attributes => public/attributes (100%) rename audioserver.te => public/audioserver.te (98%) rename autoplay_app.te => public/autoplay_app.te (96%) rename binderservicedomain.te => public/binderservicedomain.te (100%) rename blkid.te => public/blkid.te (100%) rename blkid_untrusted.te => public/blkid_untrusted.te (100%) rename bluetooth.te => public/bluetooth.te (97%) rename bluetoothdomain.te => public/bluetoothdomain.te (100%) rename boot_control_hal.te => public/boot_control_hal.te (100%) rename bootanim.te => public/bootanim.te (96%) rename bootstat.te => public/bootstat.te (91%) rename cameraserver.te => 
public/cameraserver.te (97%) rename clatd.te => public/clatd.te (100%) rename cppreopts.te => public/cppreopts.te (80%) rename debuggerd.te => public/debuggerd.te (98%) rename device.te => public/device.te (100%) rename dex2oat.te => public/dex2oat.te (100%) rename dhcp.te => public/dhcp.te (92%) rename dnsmasq.te => public/dnsmasq.te (100%) rename domain.te => public/domain.te (100%) rename domain_deprecated.te => public/domain_deprecated.te (100%) rename drmserver.te => public/drmserver.te (98%) rename dumpstate.te => public/dumpstate.te (98%) rename file.te => public/file.te (100%) rename fingerprintd.te => public/fingerprintd.te (94%) rename fsck.te => public/fsck.te (98%) rename fsck_untrusted.te => public/fsck_untrusted.te (100%) rename gatekeeperd.te => public/gatekeeperd.te (97%) rename global_macros => public/global_macros (100%) rename hci_attach.te => public/hci_attach.te (90%) rename healthd.te => public/healthd.te (100%) rename hostapd.te => public/hostapd.te (97%) rename hwservicemanager.te => public/hwservicemanager.te (95%) rename idmap.te => public/idmap.te (100%) rename init.te => public/init.te (96%) rename inputflinger.te => public/inputflinger.te (93%) rename install_recovery.te => public/install_recovery.te (96%) rename installd.te => public/installd.te (94%) rename ioctl_defines => public/ioctl_defines (100%) rename ioctl_macros => public/ioctl_macros (100%) rename isolated_app.te => public/isolated_app.te (100%) rename kernel.te => public/kernel.te (98%) rename keystore.te => public/keystore.te (97%) rename lmkd.te => public/lmkd.te (97%) rename logd.te => public/logd.te (98%) rename mdnsd.te => public/mdnsd.te (86%) rename mediacodec.te => public/mediacodec.te (96%) rename mediadrmserver.te => public/mediadrmserver.te (98%) rename mediaextractor.te => public/mediaextractor.te (95%) rename mediaserver.te => public/mediaserver.te (99%) rename mtp.te => public/mtp.te (92%) rename net.te => public/net.te (100%) rename netd.te => public/netd.te 
(97%) rename neverallow_macros => public/neverallow_macros (100%) rename nfc.te => public/nfc.te (100%) rename otapreopt_chroot.te => public/otapreopt_chroot.te (84%) rename otapreopt_slot.te => public/otapreopt_slot.te (89%) rename platform_app.te => public/platform_app.te (100%) rename postinstall.te => public/postinstall.te (95%) rename postinstall_dexopt.te => public/postinstall_dexopt.te (91%) rename ppp.te => public/ppp.te (92%) rename preopt2cachename.te => public/preopt2cachename.te (100%) rename priv_app.te => public/priv_app.te (100%) rename profman.te => public/profman.te (100%) rename property.te => public/property.te (100%) rename racoon.te => public/racoon.te (97%) rename radio.te => public/radio.te (100%) rename recovery.te => public/recovery.te (100%) rename recovery_persist.te => public/recovery_persist.te (96%) rename recovery_refresh.te => public/recovery_refresh.te (96%) rename rild.te => public/rild.te (98%) rename runas.te => public/runas.te (92%) rename sdcardd.te => public/sdcardd.te (94%) rename service.te => public/service.te (100%) rename servicemanager.te => public/servicemanager.te (94%) rename sgdisk.te => public/sgdisk.te (100%) rename shared_relro.te => public/shared_relro.te (100%) rename shell.te => public/shell.te (100%) rename slideshow.te => public/slideshow.te (100%) rename surfaceflinger.te => public/surfaceflinger.te (98%) rename system_app.te => public/system_app.te (100%) rename system_server.te => public/system_server.te (99%) rename te_macros => public/te_macros (100%) rename tee.te => public/tee.te (96%) rename toolbox.te => public/toolbox.te (97%) rename tzdatacheck.te => public/tzdatacheck.te (87%) rename ueventd.te => public/ueventd.te (99%) rename uncrypt.te => public/uncrypt.te (97%) rename untrusted_app.te => public/untrusted_app.te (100%) rename update_engine.te => public/update_engine.te (97%) rename update_engine_common.te => public/update_engine_common.te (87%) rename update_verifier.te => 
public/update_verifier.te (93%) rename vdc.te => public/vdc.te (96%) rename vold.te => public/vold.te (90%) rename watchdogd.te => public/watchdogd.te (100%) rename wifi_hal_legacy.te => public/wifi_hal_legacy.te (91%) rename wificond.te => public/wificond.te (98%) rename wpa.te => public/wpa.te (95%) rename zygote.te => public/zygote.te (99%)
diff --git a/Android.mk b/Android.mk
index 6a4b8a427..7bfe1a7dd 100644
--- a/Android.mk
+++ b/Android.mk
@@ -26,13 +26,49 @@ ifdef BOARD_SEPOLICY_M4DEFS LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS)) endif -# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS and the LOCAL_PATH. -# $(1): the set of policy name paths to build -build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file))))) +# sepolicy is now divided into multiple portions: +# public - policy exported on which non-platform policy developers may write +# additional policy. types and attributes are versioned and included in +# delivered non-platform policy, which is to be combined with platform policy. +# private - platform-only policy required for platform functionality but which +# is not exported to vendor policy developers and as such may not be assumed +# to exist. +# mapping - TODO. This contains policy statements which map the attributes +# exposed in the public policy of previous versions to the concrete types used +# in this policy to ensure that policy targeting attributes from public +# policy from an older platform version continues to work. + +# TODO - build process for device: +# 1) convert policies to CIL: +# - private + public platform policy to CIL +# - mapping file to CIL (should already be in CIL form) +# - non-platform public policy to CIL +# - non-platform public + private policy to CIL +# 2) attributize policy +# - TODO: do this for platform policy? +# - run script which takes non-platform public and non-platform combined +# private + public policy and produces attributized and versioned +# non-platform policy +# 3) combine policy files +# - combine mapping, platform and non-platform policy. +# - compile output binary policy file + +PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public +PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private + +########################################################### +# Compute policy files to be used in policy build. 
+# $(1): files to include +# $(2): directories in which to find files +########################################################### + +define build_policy +$(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file))))) +endef # Builds paths for all policy files found in BOARD_SEPOLICY_DIRS. # $(1): the set of policy name paths to build -build_device_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file))))) +build_device_policy = $(call build_policy, $(1), $(BOARD_SEPOLICY_DIRS)) # Add a file containing only a newline in-between each policy configuration # 'contexts' file. This will allow OEM policy configuration files without a 
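Review bot: The new `build_policy` silently yields an empty file list when a caller omits the directory argument, because `$(addsuffix /$(type), $(2))` with an empty `$(2)` expands to nothing and `$(wildcard)` of nothing is empty, so any stale single-argument `$(call build_policy, X)` elsewhere in the tree would drop that policy input from the build without an error. Since every input here is security policy, I would fail loudly: make the first line of the define body `$(if $(strip $(2)),,$(error build_policy: no policy directories given for $(1)))`. The header comment should also spell out the ordering contract the old implicit `$(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)` form had, e.g. `# Result is ordered by $(1) first, then by $(2) within each name; this is the order m4 concatenates them in.`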
@@ -92,11 +128,28 @@ endif include $(BUILD_SYSTEM)/base_rules.mk +platform_policy.conf := $(intermediates)/plat_policy.conf +$(platform_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS) +$(platform_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS) +$(platform_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) +$(platform_policy.conf): $(call build_policy, $(sepolicy_build_files), \ +$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY)) + @mkdir -p $(dir $@) + $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \ + -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \ + -D target_build_variant=$(TARGET_BUILD_VARIANT) \ + -s $^ > $@ + $(hide) sed '/dontaudit/d' $@ > $@.dontaudit + +# TODO: add steps for non-platform public and combined files with checkpolicy +# support. b/31932523 + sepolicy_policy.conf := $(intermediates)/policy.conf $(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS) $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS) $(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) -$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files)) +$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \ +$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) @mkdir -p $(dir $@) $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \ 
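Review bot: Nothing in this hunk depends on `$(platform_policy.conf)`, so unless a later rule outside the hunk lists it as a prerequisite the new plat_policy.conf target and its `$@.dontaudit` sibling are never built, and the platform-only (public + private, no BOARD_SEPOLICY_DIRS) m4 expansion gets no exercise until the checkpolicy step in the b/31932523 TODO lands. If that is intended scaffolding, say so in the TODO comment; otherwise attach it to the module so it is at least expanded on every build, e.g. `$(LOCAL_BUILT_MODULE): $(platform_policy.conf)`. Minor naming point: the two neighbouring .conf variables use the `sepolicy_` prefix and the output file is `plat_policy.conf`, so `sepolicy_plat_policy.conf :=` would match both conventions.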
@@ -135,7 +188,8 @@ sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf $(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS) $(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS) $(sepolicy_policy_recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) -$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files)) +$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files), \ +$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) @mkdir -p $(dir $@) $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \ @@ -168,12 +222,10 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk -exp_sepolicy_build_files :=\ - $(foreach file, $(addprefix $(LOCAL_PATH)/, $(sepolicy_build_files)), $(sort $(wildcard $(file)))) - $(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS) $(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS) -$(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files) +$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \ +$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY)) mkdir -p $(dir $@) $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \ -D target_build_variant=user \ @@ -223,9 +275,9 @@ include $(BUILD_SYSTEM)/base_rules.mk # Note: That a newline file is placed between each file_context file found to # ensure a proper build when an fc file is missing an ending newline. -local_fc_files := $(LOCAL_PATH)/file_contexts +local_fc_files := $(PLAT_PRIVATE_POLICY)/file_contexts ifneq ($(filter address,$(SANITIZE_TARGET)),) - local_fc_files := $(local_fc_files) $(LOCAL_PATH)/file_contexts_asan + local_fc_files := $(local_fc_files) $(PLAT_PRIVATE_POLICY)/file_contexts_asan endif local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl)) 
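Review bot: The directory list `$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)` is now spelled out by hand in the recovery rule here and in the sepolicy_policy.conf rule of the previous hunk, with the two-directory variant repeated in the `$(LOCAL_BUILT_MODULE)` rule of the -168 hunk and in the plat_policy.conf rule; because `build_policy` iterates directories inside each file type, that list fixes the order in which m4 concatenates the sources, so a copy-paste edit of one site can silently reorder one build and not the others. Define the lists once next to PLAT_PRIVATE_POLICY: `PLAT_POLICY_DIRS := $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY)` and `ALL_POLICY_DIRS := $(PLAT_POLICY_DIRS) $(BOARD_SEPOLICY_DIRS)`, and pass those. The -168 hunk also deletes `exp_sepolicy_build_files`; if a cleanup assignment later in the file still references it, that is outside this hunk and worth a grep.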
@@ -281,7 +333,7 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk general_file_contexts.tmp := $(intermediates)/general_file_contexts.tmp -$(general_file_contexts.tmp): $(addprefix $(LOCAL_PATH)/, file_contexts) +$(general_file_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, file_contexts) @mkdir -p $(dir $@) $(hide) m4 -s $< > $@ @@ -302,7 +354,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk -all_sc_files := $(call build_policy, seapp_contexts) +all_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy) $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files) @@ -321,7 +373,7 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk -all_sc_files := $(addprefix $(LOCAL_PATH)/, seapp_contexts) +all_sc_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts) $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy) $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files) @@ -339,7 +391,7 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk -$(LOCAL_BUILT_MODULE): $(addprefix $(LOCAL_PATH)/, seapp_contexts) +$(LOCAL_BUILT_MODULE): $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts) @mkdir -p $(dir $@) - $(hide) grep -ie '^neverallow' $< > $@ @@ -354,7 +406,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk -all_pc_files := $(call build_policy, property_contexts) +all_pc_files := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl)) property_contexts.tmp := $(intermediates)/property_contexts.tmp 
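Review bot: `$(addprefix $(PLAT_PRIVATE_POLICY)/, file_contexts)` in the general_file_contexts.tmp rule, and the same shape for seapp_contexts in the -321 and -339 hunks and for property_contexts / service_contexts in the -386 and -439 hunks on the next line, prefixes a single literal name, so the `addprefix` is just a verbose `$(PLAT_PRIVATE_POLICY)/file_contexts` carried over from the old `$(LOCAL_PATH)` form. The more important thing to make explicit is that these general_* rules read only the platform private copy while the device rules in the -302 and -354 hunks also read `$(BOARD_SEPOLICY_DIRS)`; that mirrors the old `$(LOCAL_PATH)` versus `build_policy` split, so behaviour is unchanged, but a one-line comment above each general_* rule such as `# Platform-only input: BOARD_SEPOLICY_DIRS are deliberately excluded here.` would stop the next reader from "fixing" it.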
@@ -386,7 +438,7 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk general_property_contexts.tmp := $(intermediates)/general_property_contexts.tmp -$(general_property_contexts.tmp): $(addprefix $(LOCAL_PATH)/, property_contexts) +$(general_property_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, property_contexts) @mkdir -p $(dir $@) $(hide) m4 -s $< > $@ @@ -408,7 +460,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) include $(BUILD_SYSTEM)/base_rules.mk -all_svc_files := $(call build_policy, service_contexts) +all_svc_files := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl)) service_contexts.tmp := $(intermediates)/service_contexts.tmp @@ -439,7 +491,7 @@ LOCAL_MODULE_TAGS := tests include $(BUILD_SYSTEM)/base_rules.mk general_service_contexts.tmp := $(intermediates)/general_service_contexts.tmp -$(general_service_contexts.tmp): $(addprefix $(LOCAL_PATH)/, service_contexts) +$(general_service_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, service_contexts) @mkdir -p $(dir $@) $(hide) m4 -s $< > $@ @@ -464,11 +516,11 @@ include $(BUILD_SYSTEM)/base_rules.mk # Build keys.conf mac_perms_keys.tmp := $(intermediates)/keys.tmp $(mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) -$(mac_perms_keys.tmp): $(call build_policy, keys.conf) +$(mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) @mkdir -p $(dir $@) $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@ -all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE)) +all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE), $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)) # Should be synced with keys.conf. all_keys := platform media shared testkey diff --git a/access_vectors b/private/access_vectors similarity index 100% rename from access_vectors rename to private/access_vectors 
diff --git a/private/adbd.te b/private/adbd.te
new file mode 100644
index 000000000..cabaf66d5
--- /dev/null
+++ b/private/adbd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(adbd, shell_exec, shell)
diff --git a/private/android_hardware_nfc_1_0_service.te b/private/android_hardware_nfc_1_0_service.te
new file mode 100644
index 000000000..43368f8ad
--- /dev/null
+++ b/private/android_hardware_nfc_1_0_service.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_nfc_1_0_service)
diff --git a/atrace.te b/private/atrace.te
similarity index 100%
rename from atrace.te
rename to private/atrace.te
diff --git a/private/audioserver.te b/private/audioserver.te
new file mode 100644
index 000000000..64178583a
--- /dev/null
+++ b/private/audioserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(audioserver)
diff --git a/private/autoplay_app.te b/private/autoplay_app.te
new file mode 100644
index 000000000..2e0ec0e4d
--- /dev/null
+++ b/private/autoplay_app.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define and allow access to our own type for ashmem regions.
+# Label ashmem objects with our own unique type.
+tmpfs_domain(autoplay_app)
diff --git a/private/bluetooth.te b/private/bluetooth.te
new file mode 100644
index 000000000..0abaee66b
--- /dev/null
+++ b/private/bluetooth.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
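Review bot: The two-line header `# type_transition must be private policy the domain_trans rules could stay` / `# public, but conceptually should go with this` is pasted verbatim into every new private/*.te file in this patch (from adbd.te here through the kernel/keystore/lmkd/logd files at the end of the chunk), including autoplay_app.te on this line, whose only rule is `tmpfs_domain(autoplay_app)`, and bluetooth.te, which has a bare `type_transition` and no domain_trans; in those files the comment describes rules that are not present. It is also missing the punctuation that separates its two clauses. For the init_daemon_domain files a clearer form would be `# The type_transition in this macro must be private policy; the domain_trans rules could stay public, but conceptually belong with it.` (assuming the macro's type_transition is what is meant), and the tmpfs_domain and bare type_transition files should name the rule they actually contain instead.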
diff --git a/private/bootanim.te b/private/bootanim.te
new file mode 100644
index 000000000..94fbc1f4f
--- /dev/null
+++ b/private/bootanim.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootanim)
diff --git a/private/bootstat.te b/private/bootstat.te
new file mode 100644
index 000000000..caa82fd62
--- /dev/null
+++ b/private/bootstat.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootstat)
diff --git a/private/cameraserver.te b/private/cameraserver.te
new file mode 100644
index 000000000..b34d74608
--- /dev/null
+++ b/private/cameraserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(cameraserver)
diff --git a/private/cppreopts.te b/private/cppreopts.te
new file mode 100644
index 000000000..02c13b3a0
--- /dev/null
+++ b/private/cppreopts.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
diff --git a/private/debuggerd.te b/private/debuggerd.te
new file mode 100644
index 000000000..bd835af55
--- /dev/null
+++ b/private/debuggerd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(debuggerd)
diff --git a/private/dhcp.te b/private/dhcp.te
new file mode 100644
index 000000000..67451896e
--- /dev/null
+++ b/private/dhcp.te
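Review bot: `domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);` in cppreopts.te ends with a `;` that no other `domain_auto_trans` call in this patch carries; the diffstat (cppreopts.te renamed at 80%, 6 lines removed) indicates the line was moved from the old file rather than written here, so it is pre-existing, but re-creating the file is a cheap moment to drop it. Whether checkpolicy tolerates the stray `;` that passes through after the m4 expansion cannot be confirmed from the page — the commit message says the policy built — so treat it as a consistency nit. Change the line to `domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename)`.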
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/private/drmserver.te b/private/drmserver.te
new file mode 100644
index 000000000..340c454f8
--- /dev/null
+++ b/private/drmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(drmserver)
diff --git a/private/dumpstate.te b/private/dumpstate.te
new file mode 100644
index 000000000..ad646f4be
--- /dev/null
+++ b/private/dumpstate.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
diff --git a/file_contexts b/private/file_contexts
similarity index 100%
rename from file_contexts
rename to private/file_contexts
diff --git a/file_contexts_asan b/private/file_contexts_asan
similarity index 100%
rename from file_contexts_asan
rename to private/file_contexts_asan
diff --git a/private/fingerprintd.te b/private/fingerprintd.te
new file mode 100644
index 000000000..a733cabd9
--- /dev/null
+++ b/private/fingerprintd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fingerprintd)
diff --git a/fs_use b/private/fs_use
similarity index 100%
rename from fs_use
rename to private/fs_use
diff --git a/private/fsck.te b/private/fsck.te
new file mode 100644
index 000000000..f3f4c52d2
--- /dev/null
+++ b/private/fsck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fsck)
diff --git a/private/gatekeeperd.te b/private/gatekeeperd.te
new file mode 100644
index 000000000..d050c2edf
--- /dev/null
+++ b/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(gatekeeperd)
diff --git a/genfs_contexts b/private/genfs_contexts
similarity index 100%
rename from genfs_contexts
rename to private/genfs_contexts
diff --git a/private/hci_attach.te b/private/hci_attach.te
new file mode 100644
index 000000000..c8ba3f6b0
--- /dev/null
+++ b/private/hci_attach.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hci_attach)
\ No newline at end of file
diff --git a/private/hostapd.te b/private/hostapd.te
new file mode 100644
index 000000000..d895f2916
--- /dev/null
+++ b/private/hostapd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hostapd)
diff --git a/private/hwservicemanager.te b/private/hwservicemanager.te
new file mode 100644
index 000000000..e15d13db0
--- /dev/null
+++ b/private/hwservicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hwservicemanager)
diff --git a/private/init.te b/private/init.te
new file mode 100644
index 000000000..c2354548b
--- /dev/null
+++ b/private/init.te
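Review bot: hci_attach.te on this line and inputflinger.te on the next are created without a trailing newline (`\ No newline at end of file`), unlike every other new file in the patch. These .te files are fed to the `m4 -s $^` recipes in Android.mk as one concatenated stream, and the comment in the -26 hunk about placing a newline-only file between contexts files exists precisely because a missing final newline can glue the last line of one input onto the first line of the next; whether m4's syncline output happens to rescue these two cannot be confirmed from the page. Add the newline after `init_daemon_domain(hci_attach)` and `init_daemon_domain(inputflinger)`.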
@@ -0,0 +1,18 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, adbd)
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+recovery_only(`
+ domain_trans(init, rootfs, recovery)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, watchdogd)
+# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+userdebug_or_eng(`
+ domain_auto_trans(init, logcat_exec, logd)
+')
diff --git a/initial_sid_contexts b/private/initial_sid_contexts
similarity index 100%
rename from initial_sid_contexts
rename to private/initial_sid_contexts
diff --git a/initial_sids b/private/initial_sids
similarity index 100%
rename from initial_sids
rename to private/initial_sids
diff --git a/private/inputflinger.te b/private/inputflinger.te
new file mode 100644
index 000000000..0d3782f40
--- /dev/null
+++ b/private/inputflinger.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(inputflinger)
\ No newline at end of file
diff --git a/private/install_recovery.te b/private/install_recovery.te
new file mode 100644
index 000000000..b9b402b56
--- /dev/null
+++ b/private/install_recovery.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(install_recovery)
diff --git a/private/installd.te b/private/installd.te
new file mode 100644
index 000000000..50b3821b8
--- /dev/null
+++ b/private/installd.te
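Review bot: private/inputflinger.te has the same missing trailing newline as private/hci_attach.te (`\ No newline at end of file` after `init_daemon_domain(inputflinger)`), and every other new private file in this change does end with one. When the policy is assembled by concatenating these files the macro call can end up sharing an output line with the first line of the next file, which only works by luck while that line is a comment. Add the final newline so the file is consistent with its siblings.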
@@ -0,0 +1,12 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(installd)
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)
diff --git a/private/kernel.te b/private/kernel.te
new file mode 100644
index 000000000..1c2223e57
--- /dev/null
+++ b/private/kernel.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(kernel, init_exec, init)
diff --git a/keys.conf b/private/keys.conf
similarity index 100%
rename from keys.conf
rename to private/keys.conf
diff --git a/private/keystore.te b/private/keystore.te
new file mode 100644
index 000000000..70ad3b24d
--- /dev/null
+++ b/private/keystore.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(keystore)
diff --git a/private/lmkd.te b/private/lmkd.te
new file mode 100644
index 000000000..a5d0d7756
--- /dev/null
+++ b/private/lmkd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(lmkd)
diff --git a/private/logd.te b/private/logd.te
new file mode 100644
index 000000000..52600ac51
--- /dev/null
+++ b/private/logd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(logd)
diff --git a/mac_permissions.xml b/private/mac_permissions.xml
similarity index 100%
rename from mac_permissions.xml
rename to private/mac_permissions.xml
diff --git a/private/mdnsd.te b/private/mdnsd.te
new file mode 100644
index 000000000..54659d1d1
--- /dev/null
+++ b/private/mdnsd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mdnsd)
diff --git a/private/mediacodec.te b/private/mediacodec.te
new file mode 100644
index 000000000..7f88433a1
--- /dev/null
+++ b/private/mediacodec.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediacodec)
diff --git a/private/mediadrmserver.te b/private/mediadrmserver.te
new file mode 100644
index 000000000..5a8e7446c
--- /dev/null
+++ b/private/mediadrmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediadrmserver)
diff --git a/private/mediaextractor.te b/private/mediaextractor.te
new file mode 100644
index 000000000..8596c1440
--- /dev/null
+++ b/private/mediaextractor.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaextractor)
diff --git a/private/mediaserver.te b/private/mediaserver.te
new file mode 100644
index 000000000..74b11b07b
--- /dev/null
+++ b/private/mediaserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaserver)
diff --git a/mls b/private/mls
similarity index 100%
rename from mls
rename to private/mls
diff --git a/mls_macros b/private/mls_macros
similarity index 100%
rename from mls_macros
rename to private/mls_macros
diff --git a/private/mtp.te b/private/mtp.te
new file mode 100644
index 000000000..69e1353b0
--- /dev/null
+++ b/private/mtp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mtp)
diff --git a/private/netd.te b/private/netd.te
new file mode 100644
index 000000000..cc87dcbb4
--- /dev/null
+++ b/private/netd.te
@@ -0,0 +1,9 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain
+domain_auto_trans(netd, clatd_exec, clatd)
diff --git a/private/otapreopt_chroot.te b/private/otapreopt_chroot.te
new file mode 100644
index 000000000..8e54a790f
--- /dev/null
+++ b/private/otapreopt_chroot.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
diff --git a/private/otapreopt_slot.te b/private/otapreopt_slot.te
new file mode 100644
index 000000000..519c34274
--- /dev/null
+++ b/private/otapreopt_slot.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)
diff --git a/perfprofd.te b/private/perfprofd.te
similarity index 100%
rename from perfprofd.te
rename to private/perfprofd.te
diff --git a/policy_capabilities b/private/policy_capabilities
similarity index 100%
rename from policy_capabilities
rename to private/policy_capabilities
diff --git a/port_contexts b/private/port_contexts
similarity index 100%
rename from port_contexts
rename to private/port_contexts
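Review bot: The comment in private/otapreopt_chroot.te names a domain that does not match the rule beneath it: it says `postinstall_ota`, while the `domain_auto_trans` target is `postinstall_dexopt`. These private files now carry nothing but the transition and its rationale, so a wrong domain name in the comment is exactly what misleads a later audit of who may enter the dexopt sandbox. Change it to `# Allow transition to postinstall_dexopt, to run otapreopt in its own sandbox.`.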
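Review bot: The rationale comment in private/otapreopt_slot.te says the transition is "from init domain to cppreopts", but the macro call it explains is `init_daemon_domain(otapreopt_slot)`; the text appears to have been copied from cppreopts.te without updating the domain name. Reword it to match the rule, e.g. `# Technically not a daemon but we do want the transition from init domain to` / `# otapreopt_slot to occur.`.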
diff --git a/private/postinstall.te b/private/postinstall.te
new file mode 100644
index 000000000..47bf320f3
--- /dev/null
+++ b/private/postinstall.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
diff --git a/private/postinstall_dexopt.te b/private/postinstall_dexopt.te
new file mode 100644
index 000000000..7596465aa
--- /dev/null
+++ b/private/postinstall_dexopt.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
diff --git a/private/ppp.te b/private/ppp.te
new file mode 100644
index 000000000..befc20e5e
--- /dev/null
+++ b/private/ppp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/property_contexts b/private/property_contexts
similarity index 100%
rename from property_contexts
rename to private/property_contexts
diff --git a/private/racoon.te b/private/racoon.te
new file mode 100644
index 000000000..3eeb8151a
--- /dev/null
+++ b/private/racoon.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(racoon)
diff --git a/private/recovery_persist.te b/private/recovery_persist.te
new file mode 100644
index 000000000..3b7462934
--- /dev/null
+++ b/private/recovery_persist.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_persist)
diff --git a/private/recovery_refresh.te b/private/recovery_refresh.te
new file mode 100644
index 000000000..8204465d2
--- /dev/null
+++ b/private/recovery_refresh.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_refresh)
diff --git a/private/rild.te b/private/rild.te
new file mode 100644
index 000000000..ac6a05d36
--- /dev/null
+++ b/private/rild.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(rild)
diff --git a/roles b/private/roles
similarity index 100%
rename from roles
rename to private/roles
diff --git a/private/runas.te b/private/runas.te
new file mode 100644
index 000000000..d791501b3
--- /dev/null
+++ b/private/runas.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)
diff --git a/private/sdcardd.te b/private/sdcardd.te
new file mode 100644
index 000000000..55915fed7
--- /dev/null
+++ b/private/sdcardd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/seapp_contexts b/private/seapp_contexts
similarity index 100%
rename from seapp_contexts
rename to private/seapp_contexts
diff --git a/security_classes b/private/security_classes
similarity index 100%
rename from security_classes
rename to private/security_classes
diff --git a/service_contexts b/private/service_contexts
similarity index 100%
rename from service_contexts
rename to private/service_contexts
diff --git a/private/servicemanager.te b/private/servicemanager.te
new file mode 100644
index 000000000..1514b0f37
--- /dev/null
+++ b/private/servicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(servicemanager)
diff --git a/su.te b/private/su.te
similarity index 100%
rename from su.te
rename to private/su.te
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
new file mode 100644
index 000000000..ae8ab08e4
--- /dev/null
+++ b/private/surfaceflinger.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(surfaceflinger)
diff --git a/private/system_server.te b/private/system_server.te
new file mode 100644
index 000000000..bab3d725f
--- /dev/null
+++ b/private/system_server.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+# Create a socket for connections from debuggerd.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
diff --git a/private/tee.te b/private/tee.te
new file mode 100644
index 000000000..17b276fdd
--- /dev/null
+++ b/private/tee.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tee)
diff --git a/private/toolbox.te b/private/toolbox.te
new file mode 100644
index 000000000..fd43d5ee6
--- /dev/null
+++ b/private/toolbox.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(toolbox)
diff --git a/private/tzdatacheck.te b/private/tzdatacheck.te
new file mode 100644
index 000000000..ee67bb2e5
--- /dev/null
+++ b/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tzdatacheck)
diff --git a/private/ueventd.te b/private/ueventd.te
new file mode 100644
index 000000000..5034db7f9
--- /dev/null
+++ b/private/ueventd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(ueventd)
diff --git a/private/uncrypt.te b/private/uncrypt.te
new file mode 100644
index 000000000..e2b919c74
--- /dev/null
+++ b/private/uncrypt.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(uncrypt)
diff --git a/private/update_engine.te b/private/update_engine.te
new file mode 100644
index 000000000..01199ebb2
--- /dev/null
+++ b/private/update_engine.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_engine);
diff --git a/private/update_engine_common.te b/private/update_engine_common.te
new file mode 100644
index 000000000..a7fb58471
--- /dev/null
+++ b/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)
diff --git a/private/update_verifier.te b/private/update_verifier.te
new file mode 100644
index 000000000..c5f110b6c
--- /dev/null
+++ b/private/update_verifier.te
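Review bot: `init_daemon_domain(update_engine);` in private/update_engine.te carries a trailing semicolon while every other `init_daemon_domain(...)` line introduced by this change has none. The macro presumably already expands to complete statements, so the stray `;` is at best an empty statement the policy compiler tolerates and at worst something a stricter checker will reject later; it is also the sort of inconsistency that makes grepping for these calls unreliable. Drop it: `init_daemon_domain(update_engine)`.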
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_verifier)
diff --git a/users b/private/users
similarity index 100%
rename from users
rename to private/users
diff --git a/private/vdc.te b/private/vdc.te
new file mode 100644
index 000000000..877e91331
--- /dev/null
+++ b/private/vdc.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vdc)
diff --git a/private/vold.te b/private/vold.te
new file mode 100644
index 000000000..b2495f688
--- /dev/null
+++ b/private/vold.te
@@ -0,0 +1,19 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, shell_exec, blkid);
+domain_trans(vold, shell_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
diff --git a/private/wifi_hal_legacy.te b/private/wifi_hal_legacy.te
new file mode 100644
index 000000000..cb2c6dab5
--- /dev/null
+++ b/private/wifi_hal_legacy.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wifi_hal_legacy)
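Review bot: The four `domain_trans` lines in private/vold.te (blkid/blkid_untrusted from `shell_exec`, fsck/fsck_untrusted from `fsck_exec`) deliberately use the non-auto form, so the policy permits both the trusted and the `_untrusted` sandbox from the same executable and the choice is made by vold at exec time (presumably via setexeccon) rather than by a type_transition; the comment above them says why two domains exist but not that the selection lives in vold's code, which is the part an auditor needs to know. Add a line such as `# These are domain_trans, not domain_auto_trans: vold selects the target domain at exec time; policy only permits both.` above the block. Separately, the trailing `;` on the `domain_auto_trans`/`domain_trans` lines is inconsistent with every other new private file in this change, where macro calls carry no semicolon.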
diff --git a/private/wificond.te b/private/wificond.te new file mode 100644 index 000000000..2e89975d0 --- /dev/null +++ b/private/wificond.te @@ -0,0 +1,3 @@ +# type_transition must be private policy the domain_trans rules could stay +# public, but conceptually should go with this +init_daemon_domain(wificond) diff --git a/private/wpa.te b/private/wpa.te new file mode 100644 index 000000000..4bf29cfb5 --- /dev/null +++ b/private/wpa.te @@ -0,0 +1,6 @@ +# type_transition must be private policy the domain_trans rules could stay +# public, but conceptually should go with this +init_daemon_domain(wpa) + +# Create a socket for receiving info from wpa +type_transition wpa wifi_data_file:dir wpa_socket "sockets"; diff --git a/private/zygote.te b/private/zygote.te new file mode 100644 index 000000000..bab15c7a8 --- /dev/null +++ b/private/zygote.te @@ -0,0 +1,3 @@ +# type_transition must be private policy the domain_trans rules could stay +# public, but conceptually should go with this +init_daemon_domain(zygote) diff --git a/adbd.te b/public/adbd.te similarity index 98% rename from adbd.te rename to public/adbd.te index 45bed8e59..450bc1da3 100644 --- a/adbd.te +++ b/public/adbd.te @@ -7,8 +7,6 @@ userdebug_or_eng(` allow adbd su:process dyntransition; ') -domain_auto_trans(adbd, shell_exec, shell) - # Do not sanitize the environment or open fds of the shell. Allow signaling # created processes. allow adbd shell:process { noatsecure signal }; diff --git a/android_hardware_nfc_1_0_service.te b/public/android_hardware_nfc_1_0_service.te similarity index 89% rename from android_hardware_nfc_1_0_service.te rename to public/android_hardware_nfc_1_0_service.te index f980da43b..79da53b78 100644 --- a/android_hardware_nfc_1_0_service.te +++ b/public/android_hardware_nfc_1_0_service.te 
@@ -2,9 +2,6 @@ type android_hardware_nfc_1_0_service, domain; type android_hardware_nfc_1_0_service_exec, exec_type, file_type; -# may be started by init -init_daemon_domain(android_hardware_nfc_1_0_service) - # hwbinder access hwbinder_use(android_hardware_nfc_1_0_service) diff --git a/app.te b/public/app.te similarity index 100% rename from app.te rename to public/app.te diff --git a/attributes b/public/attributes similarity index 100% rename from attributes rename to public/attributes diff --git a/audioserver.te b/public/audioserver.te similarity index 98% rename from audioserver.te rename to public/audioserver.te index da12649e3..dab4ea54c 100644 --- a/audioserver.te +++ b/public/audioserver.te @@ -2,8 +2,6 @@ type audioserver, domain; type audioserver_exec, exec_type, file_type; -init_daemon_domain(audioserver) - r_dir_file(audioserver, sdcard_type) binder_use(audioserver) diff --git a/autoplay_app.te b/public/autoplay_app.te similarity index 96% rename from autoplay_app.te rename to public/autoplay_app.te index f671d5d37..5fe1000be 100644 --- a/autoplay_app.te +++ b/public/autoplay_app.te @@ -16,9 +16,6 @@ type autoplay_app, domain; allow autoplay_app self:process execmem; allow autoplay_app ashmem_device:chr_file execute; -# Define and allow access to our own type for ashmem regions. -# Label ashmem objects with our own unique type. -tmpfs_domain(autoplay_app) # Map with PROT_EXEC. allow autoplay_app autoplay_app_tmpfs:file execute; diff --git a/binderservicedomain.te b/public/binderservicedomain.te similarity index 100% rename from binderservicedomain.te rename to public/binderservicedomain.te diff --git a/blkid.te b/public/blkid.te similarity index 100% rename from blkid.te rename to public/blkid.te diff --git a/blkid_untrusted.te b/public/blkid_untrusted.te similarity index 100% rename from blkid_untrusted.te rename to public/blkid_untrusted.te 
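Review bot: After this hunk public/autoplay_app.te still contains `allow autoplay_app autoplay_app_tmpfs:file execute;` while the `tmpfs_domain(autoplay_app)` call, which in the usual te_macros definition is what declares `autoplay_app_tmpfs`, now lives only in private/. If the public directory is meant to be exported and compiled on its own for non-platform policy, as the commit message describes, this public rule would then reference a type it cannot see; either the `allow` should move to private/autoplay_app.te next to the macro, or the `_tmpfs` type declaration needs to be split out from the macro into public. At minimum mark the dependency: `# autoplay_app_tmpfs is declared by tmpfs_domain() in private/autoplay_app.te`.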
diff --git a/bluetooth.te b/public/bluetooth.te similarity index 97% rename from bluetooth.te rename to public/bluetooth.te index d8448a6d9..332d2ab3c 100644 --- a/bluetooth.te +++ b/public/bluetooth.te @@ -14,7 +14,6 @@ allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms; allow bluetooth bluetooth_logs_data_file:file create_file_perms; # Socket creation under /data/misc/bluedroid. -type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket; allow bluetooth bluetooth_socket:sock_file create_file_perms; # bluetooth factory file accesses. diff --git a/bluetoothdomain.te b/public/bluetoothdomain.te similarity index 100% rename from bluetoothdomain.te rename to public/bluetoothdomain.te diff --git a/boot_control_hal.te b/public/boot_control_hal.te similarity index 100% rename from boot_control_hal.te rename to public/boot_control_hal.te diff --git a/bootanim.te b/public/bootanim.te similarity index 96% rename from bootanim.te rename to public/bootanim.te index e18654c2c..abbcacac7 100644 --- a/bootanim.te +++ b/public/bootanim.te @@ -2,8 +2,6 @@ type bootanim, domain; type bootanim_exec, exec_type, file_type; -init_daemon_domain(bootanim) - binder_use(bootanim) binder_call(bootanim, surfaceflinger) binder_call(bootanim, audioserver) diff --git a/bootstat.te b/public/bootstat.te similarity index 91% rename from bootstat.te rename to public/bootstat.te index 44a8c91b8..82d730ccb 100644 --- a/bootstat.te +++ b/public/bootstat.te @@ -2,8 +2,6 @@ type bootstat, domain; type bootstat_exec, exec_type, file_type; -init_daemon_domain(bootstat) - # Allow persistent storage in /data/misc/bootstat. allow bootstat bootstat_data_file:dir rw_dir_perms; allow bootstat bootstat_data_file:file create_file_perms; diff --git a/cameraserver.te b/public/cameraserver.te similarity index 97% rename from cameraserver.te rename to public/cameraserver.te index c12b1a2f8..b12d17cc4 100644 --- a/cameraserver.te +++ b/public/cameraserver.te 
@@ -2,8 +2,6 @@ type cameraserver, domain; type cameraserver_exec, exec_type, file_type; -init_daemon_domain(cameraserver) - binder_use(cameraserver) binder_call(cameraserver, binderservicedomain) binder_call(cameraserver, appdomain) diff --git a/clatd.te b/public/clatd.te similarity index 100% rename from clatd.te rename to public/clatd.te diff --git a/cppreopts.te b/public/cppreopts.te similarity index 80% rename from cppreopts.te rename to public/cppreopts.te index 66df7eea4..8cbf80187 100644 --- a/cppreopts.te +++ b/public/cppreopts.te @@ -7,12 +7,6 @@ type cppreopts, domain, mlstrustedsubject; type cppreopts_exec, exec_type, file_type; -# Technically not a daemon but we do want the transition from init domain to -# cppreopts to occur. -init_daemon_domain(cppreopts) - -domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename); - # Allow cppreopts copy files into the dalvik-cache allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write }; allow cppreopts dalvikcache_data_file:file { create getattr open read rename write }; diff --git a/debuggerd.te b/public/debuggerd.te similarity index 98% rename from debuggerd.te rename to public/debuggerd.te index 80d3f5c6c..da1314a04 100644 --- a/debuggerd.te +++ b/public/debuggerd.te @@ -2,7 +2,6 @@ type debuggerd, domain, domain_deprecated; type debuggerd_exec, exec_type, file_type; -init_daemon_domain(debuggerd) typeattribute debuggerd mlstrustedsubject; allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner setuid setgid }; allow debuggerd self:capability2 { syslog }; diff --git a/device.te b/public/device.te similarity index 100% rename from device.te rename to public/device.te diff --git a/dex2oat.te b/public/dex2oat.te similarity index 100% rename from dex2oat.te rename to public/dex2oat.te diff --git a/dhcp.te b/public/dhcp.te similarity index 92% rename from dhcp.te rename to public/dhcp.te index a051b192d..6b9fb4ad1 100644 --- a/dhcp.te +++ b/public/dhcp.te 
@@ -2,7 +2,6 @@ type dhcp, domain, domain_deprecated; type dhcp_exec, exec_type, file_type; type dhcp_data_file, file_type, data_file_type; -init_daemon_domain(dhcp) net_domain(dhcp) allow dhcp cgroup:dir { create write add_name }; @@ -21,7 +20,6 @@ allow dhcp proc_net:file write; set_prop(dhcp, dhcp_prop) set_prop(dhcp, pan_result_prop) -type_transition dhcp system_data_file:{ dir file } dhcp_data_file; allow dhcp dhcp_data_file:dir create_dir_perms; allow dhcp dhcp_data_file:file create_file_perms; diff --git a/dnsmasq.te b/public/dnsmasq.te similarity index 100% rename from dnsmasq.te rename to public/dnsmasq.te diff --git a/domain.te b/public/domain.te similarity index 100% rename from domain.te rename to public/domain.te diff --git a/domain_deprecated.te b/public/domain_deprecated.te similarity index 100% rename from domain_deprecated.te rename to public/domain_deprecated.te diff --git a/drmserver.te b/public/drmserver.te similarity index 98% rename from drmserver.te rename to public/drmserver.te index d0adf4615..66cc432bd 100644 --- a/drmserver.te +++ b/public/drmserver.te @@ -2,7 +2,6 @@ type drmserver, domain; type drmserver_exec, exec_type, file_type; -init_daemon_domain(drmserver) typeattribute drmserver mlstrustedsubject; net_domain(drmserver) diff --git a/dumpstate.te b/public/dumpstate.te similarity index 98% rename from dumpstate.te rename to public/dumpstate.te index 9f3370e39..17764c30e 100644 --- a/dumpstate.te +++ b/public/dumpstate.te @@ -2,7 +2,6 @@ type dumpstate, domain, domain_deprecated, mlstrustedsubject; type dumpstate_exec, exec_type, file_type; -init_daemon_domain(dumpstate) net_domain(dumpstate) binder_use(dumpstate) wakelock_use(dumpstate) 
@@ -80,9 +79,6 @@ allow dumpstate { surfaceflinger }:debuggerd dump_backtrace; -# Execute and transition to the vdc domain -domain_auto_trans(dumpstate, vdc_exec, vdc) - # Vibrate the device after we're done collecting the bugreport # /sys/class/timed_output/vibrator/enable # TODO: create a new file class, instead of allowing write access to all of /sys diff --git a/file.te b/public/file.te similarity index 100% rename from file.te rename to public/file.te diff --git a/fingerprintd.te b/public/fingerprintd.te similarity index 94% rename from fingerprintd.te rename to public/fingerprintd.te index 09d39b187..b541e34ef 100644 --- a/fingerprintd.te +++ b/public/fingerprintd.te @@ -1,8 +1,6 @@ type fingerprintd, domain, domain_deprecated; type fingerprintd_exec, exec_type, file_type; -# fingerprintd -init_daemon_domain(fingerprintd) binder_use(fingerprintd) # need to find KeyStore and add self diff --git a/fsck.te b/public/fsck.te similarity index 98% rename from fsck.te rename to public/fsck.te index 9f372ce25..bdbbd3335 100644 --- a/fsck.te +++ b/public/fsck.te @@ -2,8 +2,6 @@ type fsck, domain, domain_deprecated; type fsck_exec, exec_type, file_type; -init_daemon_domain(fsck) - # /dev/__null__ created by init prior to policy load, # open fd inherited by fsck. allow fsck tmpfs:chr_file { read write ioctl }; diff --git a/fsck_untrusted.te b/public/fsck_untrusted.te similarity index 100% rename from fsck_untrusted.te rename to public/fsck_untrusted.te diff --git a/gatekeeperd.te b/public/gatekeeperd.te similarity index 97% rename from gatekeeperd.te rename to public/gatekeeperd.te index bc4fe81b4..13d2db729 100644 --- a/gatekeeperd.te +++ b/public/gatekeeperd.te @@ -2,7 +2,6 @@ type gatekeeperd, domain; type gatekeeperd_exec, exec_type, file_type; # gatekeeperd -init_daemon_domain(gatekeeperd) binder_service(gatekeeperd) binder_use(gatekeeperd) allow gatekeeperd tee_device:chr_file rw_file_perms; 
diff --git a/global_macros b/public/global_macros similarity index 100% rename from global_macros rename to public/global_macros diff --git a/hci_attach.te b/public/hci_attach.te similarity index 90% rename from hci_attach.te rename to public/hci_attach.te index 543cae1a0..04b6113e1 100644 --- a/hci_attach.te +++ b/public/hci_attach.te @@ -1,8 +1,6 @@ type hci_attach, domain, domain_deprecated; type hci_attach_exec, exec_type, file_type; -init_daemon_domain(hci_attach) - allow hci_attach kernel:system module_request; allow hci_attach hci_attach_dev:chr_file rw_file_perms; allow hci_attach bluetooth_efs_file:dir r_dir_perms; diff --git a/healthd.te b/public/healthd.te similarity index 100% rename from healthd.te rename to public/healthd.te diff --git a/hostapd.te b/public/hostapd.te similarity index 97% rename from hostapd.te rename to public/hostapd.te index 62f9cc726..b40bdc84a 100644 --- a/hostapd.te +++ b/public/hostapd.te @@ -2,7 +2,7 @@ type hostapd, domain; type hostapd_exec, exec_type, file_type; -init_daemon_domain(hostapd) + net_domain(hostapd) allow hostapd self:capability { net_admin net_raw }; diff --git a/hwservicemanager.te b/public/hwservicemanager.te similarity index 95% rename from hwservicemanager.te rename to public/hwservicemanager.te index 649e2b8f6..cbb47e525 100644 --- a/hwservicemanager.te +++ b/public/hwservicemanager.te @@ -2,8 +2,6 @@ type hwservicemanager, domain, mlstrustedsubject; type hwservicemanager_exec, exec_type, file_type; -init_daemon_domain(hwservicemanager) - # Note that we do not use the binder_* macros here. # hwservicemanager only provides name service (aka context manager) # for Binder. diff --git a/idmap.te b/public/idmap.te similarity index 100% rename from idmap.te rename to public/idmap.te diff --git a/init.te b/public/init.te similarity index 96% rename from init.te rename to public/init.te index 1512d0b4c..16bafc31d 100644 --- a/init.te +++ b/public/init.te 
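Review bot: In public/hostapd.te the removed `init_daemon_domain(hostapd)` appears to be replaced by an empty `+` line rather than deleted outright, which leaves two consecutive blank lines between the type declarations and `net_domain(hostapd)`; every other public file in this change simply drops the line (the hunk counts `-2,7 +2,7` are consistent with that reading). Remove the added blank line so the file matches its siblings.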
@@ -1,6 +1,5 @@ # init is its own domain. type init, domain, domain_deprecated, mlstrustedsubject; -tmpfs_domain(init) # The init domain is entered by execing init. type init_exec, exec_type, file_type; @@ -224,21 +223,6 @@ allow init sysfs_type:dir r_dir_perms; allow init sysfs_type:lnk_file read; allow init sysfs_type:file rw_file_perms; -# Transitions to seclabel processes in init.rc -domain_trans(init, rootfs, adbd) -domain_trans(init, rootfs, healthd) -domain_trans(init, rootfs, slideshow) -recovery_only(` - domain_trans(init, rootfs, recovery) -') -domain_trans(init, shell_exec, shell) -domain_trans(init, init_exec, ueventd) -domain_trans(init, init_exec, watchdogd) -# case where logpersistd is actually logcat -f in logd context (nee: logcatd) -userdebug_or_eng(` - domain_auto_trans(init, logcat_exec, logd) -') - # Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd". # Init will also walk through the directory as part of a recursive restorecon. allow init misc_logd_file:dir { open create read getattr setattr search }; diff --git a/inputflinger.te b/public/inputflinger.te similarity index 93% rename from inputflinger.te rename to public/inputflinger.te index b6a5f0b21..bee392fac 100644 --- a/inputflinger.te +++ b/public/inputflinger.te @@ -2,7 +2,6 @@ type inputflinger, domain, domain_deprecated; type inputflinger_exec, exec_type, file_type; -init_daemon_domain(inputflinger) binder_use(inputflinger) binder_service(inputflinger) diff --git a/install_recovery.te b/public/install_recovery.te similarity index 96% rename from install_recovery.te rename to public/install_recovery.te index b11ff7497..132b03da8 100644 --- a/install_recovery.te +++ b/public/install_recovery.te 
@@ -2,8 +2,6 @@ type install_recovery, domain, domain_deprecated; type install_recovery_exec, exec_type, file_type; -init_daemon_domain(install_recovery) - allow install_recovery self:capability dac_override; # /system/bin/install-recovery.sh is a shell script. diff --git a/installd.te b/public/installd.te similarity index 94% rename from installd.te rename to public/installd.te index 317ae7cea..ead36c17e 100644 --- a/installd.te +++ b/public/installd.te @@ -1,8 +1,6 @@ # installer daemon type installd, domain, domain_deprecated; type installd_exec, exec_type, file_type; - -init_daemon_domain(installd) typeattribute installd mlstrustedsubject; allow installd self:capability { chown dac_override fowner fsetid setgid setuid }; @@ -64,15 +62,6 @@ allow installd dalvikcache_data_file:file create_file_perms; allow installd resourcecache_data_file:dir rw_dir_perms; allow installd resourcecache_data_file:file create_file_perms; -# Run dex2oat in its own sandbox. -domain_auto_trans(installd, dex2oat_exec, dex2oat) - -# Run profman in its own sandbox. -domain_auto_trans(installd, profman_exec, profman) - -# Run idmap in its own sandbox. -domain_auto_trans(installd, idmap_exec, idmap) - # Upgrade from unlabeled userdata. # Just need enough to remove and/or relabel it. allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir }; diff --git a/ioctl_defines b/public/ioctl_defines similarity index 100% rename from ioctl_defines rename to public/ioctl_defines diff --git a/ioctl_macros b/public/ioctl_macros similarity index 100% rename from ioctl_macros rename to public/ioctl_macros diff --git a/isolated_app.te b/public/isolated_app.te similarity index 100% rename from isolated_app.te rename to public/isolated_app.te diff --git a/kernel.te b/public/kernel.te similarity index 98% rename from kernel.te rename to public/kernel.te index 3608a1020..556904c1f 100644 --- a/kernel.te +++ b/public/kernel.te 
@@ -67,8 +67,6 @@ userdebug_or_eng(` allow kernel nativetest_data_file:file read; ') -domain_auto_trans(kernel, init_exec, init) - # Access to /data/media. # This should be removed if sdcardfs is modified to alter the secontext for its # accesses to the underlying FS. diff --git a/keystore.te b/public/keystore.te similarity index 97% rename from keystore.te rename to public/keystore.te index 3d7bd9210..42150176a 100644 --- a/keystore.te +++ b/public/keystore.te @@ -2,7 +2,6 @@ type keystore, domain, domain_deprecated; type keystore_exec, exec_type, file_type; # keystore daemon -init_daemon_domain(keystore) typeattribute keystore mlstrustedsubject; binder_use(keystore) binder_service(keystore) diff --git a/lmkd.te b/public/lmkd.te similarity index 97% rename from lmkd.te rename to public/lmkd.te index 5302bcd56..316036f03 100644 --- a/lmkd.te +++ b/public/lmkd.te @@ -2,8 +2,6 @@ type lmkd, domain, domain_deprecated, mlstrustedsubject; type lmkd_exec, exec_type, file_type; -init_daemon_domain(lmkd) - allow lmkd self:capability { dac_override sys_resource kill }; # lmkd locks itself in memory, to prevent it from being diff --git a/logd.te b/public/logd.te similarity index 98% rename from logd.te rename to public/logd.te index c9072f381..1171ebf26 100644 --- a/logd.te +++ b/public/logd.te @@ -2,8 +2,6 @@ type logd, domain, mlstrustedsubject; type logd_exec, exec_type, file_type; -init_daemon_domain(logd) - # Read access to pseudo filesystems. r_dir_file(logd, cgroup) r_dir_file(logd, proc) diff --git a/mdnsd.te b/public/mdnsd.te similarity index 86% rename from mdnsd.te rename to public/mdnsd.te index a9dc7c565..c32b433c9 100644 --- a/mdnsd.te +++ b/public/mdnsd.te @@ -2,7 +2,6 @@ type mdnsd, domain, mlstrustedsubject; type mdnsd_exec, exec_type, file_type; -init_daemon_domain(mdnsd) net_domain(mdnsd) # Read from /proc/net 
diff --git a/mediacodec.te b/public/mediacodec.te similarity index 96% rename from mediacodec.te rename to public/mediacodec.te index 3d3625ab7..0b562c12e 100644 --- a/mediacodec.te +++ b/public/mediacodec.te @@ -4,8 +4,6 @@ type mediacodec_exec, exec_type, file_type; typeattribute mediacodec mlstrustedsubject; -init_daemon_domain(mediacodec) - binder_use(mediacodec) binder_call(mediacodec, binderservicedomain) binder_call(mediacodec, appdomain) diff --git a/mediadrmserver.te b/public/mediadrmserver.te similarity index 98% rename from mediadrmserver.te rename to public/mediadrmserver.te index d9368ad37..db8e082f3 100644 --- a/mediadrmserver.te +++ b/public/mediadrmserver.te @@ -5,8 +5,6 @@ type mediadrmserver_exec, exec_type, file_type; typeattribute mediadrmserver mlstrustedsubject; net_domain(mediadrmserver) -init_daemon_domain(mediadrmserver) - binder_use(mediadrmserver) binder_call(mediadrmserver, binderservicedomain) binder_call(mediadrmserver, appdomain) diff --git a/mediaextractor.te b/public/mediaextractor.te similarity index 95% rename from mediaextractor.te rename to public/mediaextractor.te index fe874479d..ec0ce31a7 100644 --- a/mediaextractor.te +++ b/public/mediaextractor.te @@ -4,8 +4,6 @@ type mediaextractor_exec, exec_type, file_type; typeattribute mediaextractor mlstrustedsubject; -init_daemon_domain(mediaextractor) - binder_use(mediaextractor) binder_call(mediaextractor, binderservicedomain) binder_call(mediaextractor, appdomain) diff --git a/mediaserver.te b/public/mediaserver.te similarity index 99% rename from mediaserver.te rename to public/mediaserver.te index e55c778e9..9e062b809 100644 --- a/mediaserver.te +++ b/public/mediaserver.te @@ -5,7 +5,6 @@ type mediaserver_exec, exec_type, file_type; typeattribute mediaserver mlstrustedsubject; net_domain(mediaserver) -init_daemon_domain(mediaserver) r_dir_file(mediaserver, sdcard_type) r_dir_file(mediaserver, cgroup) 
diff --git a/mtp.te b/public/mtp.te similarity index 92% rename from mtp.te rename to public/mtp.te index 02d4b5633..0ca7cea35 100644 --- a/mtp.te +++ b/public/mtp.te @@ -2,7 +2,6 @@ type mtp, domain, domain_deprecated; type mtp_exec, exec_type, file_type; -init_daemon_domain(mtp) net_domain(mtp) # pptp policy diff --git a/net.te b/public/net.te similarity index 100% rename from net.te rename to public/net.te diff --git a/netd.te b/public/netd.te similarity index 97% rename from netd.te rename to public/netd.te index f01022aab..dc4a1b3ee 100644 --- a/netd.te +++ b/public/netd.te @@ -2,7 +2,6 @@ type netd, domain, domain_deprecated, mlstrustedsubject; type netd_exec, exec_type, file_type; -init_daemon_domain(netd) net_domain(netd) # in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls. allowxperm netd self:udp_socket ioctl priv_sock_ioctls; @@ -52,11 +51,9 @@ allow netd net_data_file:dir rw_dir_perms; allow netd self:capability fowner; # Allow netd to spawn dnsmasq in it's own domain -domain_auto_trans(netd, dnsmasq_exec, dnsmasq) allow netd dnsmasq:process signal; # Allow netd to start clatd in its own domain -domain_auto_trans(netd, clatd_exec, clatd) allow netd clatd:process signal; set_prop(netd, ctl_mdnsd_prop) diff --git a/neverallow_macros b/public/neverallow_macros similarity index 100% rename from neverallow_macros rename to public/neverallow_macros diff --git a/nfc.te b/public/nfc.te similarity index 100% rename from nfc.te rename to public/nfc.te diff --git a/otapreopt_chroot.te b/public/otapreopt_chroot.te similarity index 84% rename from otapreopt_chroot.te rename to public/otapreopt_chroot.te index 1c5f2eed0..c071f447f 100644 --- a/otapreopt_chroot.te +++ b/public/otapreopt_chroot.te 
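Review bot: The netd.te hunk removes `domain_auto_trans(netd, dnsmasq_exec, dnsmasq)` and `domain_auto_trans(netd, clatd_exec, clatd)` but keeps the comments above them, `# Allow netd to spawn dnsmasq in it's own domain` and `# Allow netd to start clatd in its own domain`, which now sit directly over a bare `allow netd dnsmasq:process signal;` / `allow netd clatd:process signal;` and describe a rule that is no longer in this file. Reword them to what the surviving lines actually grant, e.g. `# Allow netd to signal the dnsmasq and clatd daemons it spawns; the domain_auto_trans rules that start them live in the private policy`, which also fixes the `it's`/`its` typo. The private-side counterpart is outside this hunk, so I cannot confirm here that both transitions are re-added; if either is dropped, netd would no longer be able to start that daemon in its sandboxed domain.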
@@ -13,9 +13,6 @@ allow otapreopt_chroot labeledfs:filesystem mount; # Mounting /vendor can have this side-effect. Ignore denial. dontaudit otapreopt_chroot kernel:process setsched; -# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox. -domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt) - # Allow otapreopt to use file descriptors from update-engine. It will # close them immediately. allow otapreopt_chroot postinstall:fd use; diff --git a/otapreopt_slot.te b/public/otapreopt_slot.te similarity index 89% rename from otapreopt_slot.te rename to public/otapreopt_slot.te index 2f4da0a12..5745ba786 100644 --- a/otapreopt_slot.te +++ b/public/otapreopt_slot.te @@ -6,9 +6,6 @@ type otapreopt_slot, domain, mlstrustedsubject; type otapreopt_slot_exec, exec_type, file_type; -# Technically not a daemon but we do want the transition from init domain to -# cppreopts to occur. -init_daemon_domain(otapreopt_slot) # The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up # the directory afterwards. For logging of aggregate size, we need getattr. diff --git a/platform_app.te b/public/platform_app.te similarity index 100% rename from platform_app.te rename to public/platform_app.te diff --git a/postinstall.te b/public/postinstall.te similarity index 95% rename from postinstall.te rename to public/postinstall.te index 0f6bb749b..7fd4dc611 100644 --- a/postinstall.te +++ b/public/postinstall.te @@ -30,8 +30,6 @@ binder_call(postinstall, system_server) # Need to talk to the otadexopt service. allow postinstall otadexopt_service:service_manager find; -domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot) - # No domain other than update_engine and recovery (via update_engine_sideload) # should transition to postinstall, as it is only meant to run during the # update. 
diff --git a/postinstall_dexopt.te b/public/postinstall_dexopt.te similarity index 91% rename from postinstall_dexopt.te rename to public/postinstall_dexopt.te index e0cc25720..5fdc51031 100644 --- a/postinstall_dexopt.te +++ b/public/postinstall_dexopt.te @@ -5,7 +5,6 @@ type postinstall_dexopt, domain; -# init_daemon_domain(otapreopt) allow postinstall_dexopt self:capability { chown dac_override fowner setgid setuid }; allow postinstall_dexopt postinstall_file:dir { getattr search }; @@ -43,9 +42,6 @@ allow postinstall_dexopt dalvikcache_data_file:file { relabelto link }; selinux_check_context(postinstall_dexopt) selinux_check_access(postinstall_dexopt) -# Run dex2oat/patchoat in its own sandbox. -# We have to manually transition, as we don't have an entrypoint. -domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat) # Postinstall wants to know about our child. allow postinstall_dexopt postinstall:process sigchld; diff --git a/ppp.te b/public/ppp.te similarity index 92% rename from ppp.te rename to public/ppp.te index 3fb6f2b06..5708822ee 100644 --- a/ppp.te +++ b/public/ppp.te @@ -2,7 +2,6 @@ type ppp, domain, domain_deprecated; type ppp_device, dev_type; type ppp_exec, exec_type, file_type; -domain_auto_trans(mtp, ppp_exec, ppp) net_domain(ppp) diff --git a/preopt2cachename.te b/public/preopt2cachename.te similarity index 100% rename from preopt2cachename.te rename to public/preopt2cachename.te diff --git a/priv_app.te b/public/priv_app.te similarity index 100% rename from priv_app.te rename to public/priv_app.te diff --git a/profman.te b/public/profman.te similarity index 100% rename from profman.te rename to public/profman.te diff --git a/property.te b/public/property.te similarity index 100% rename from property.te rename to public/property.te diff --git a/racoon.te b/public/racoon.te similarity index 97% rename from racoon.te rename to public/racoon.te index c3666bd85..c99740fee 100644 --- a/racoon.te +++ b/public/racoon.te 
@@ -2,7 +2,6 @@ type racoon, domain, domain_deprecated; type racoon_exec, exec_type, file_type; -init_daemon_domain(racoon) typeattribute racoon mlstrustedsubject; net_domain(racoon) diff --git a/radio.te b/public/radio.te similarity index 100% rename from radio.te rename to public/radio.te diff --git a/recovery.te b/public/recovery.te similarity index 100% rename from recovery.te rename to public/recovery.te diff --git a/recovery_persist.te b/public/recovery_persist.te similarity index 96% rename from recovery_persist.te rename to public/recovery_persist.te index 19a240f89..1abcc7c65 100644 --- a/recovery_persist.te +++ b/public/recovery_persist.te @@ -2,8 +2,6 @@ type recovery_persist, domain; type recovery_persist_exec, exec_type, file_type; -init_daemon_domain(recovery_persist) - allow recovery_persist pstorefs:dir search; allow recovery_persist pstorefs:file r_file_perms; diff --git a/recovery_refresh.te b/public/recovery_refresh.te similarity index 96% rename from recovery_refresh.te rename to public/recovery_refresh.te index 9fae1104c..5707e7b28 100644 --- a/recovery_refresh.te +++ b/public/recovery_refresh.te @@ -2,8 +2,6 @@ type recovery_refresh, domain; type recovery_refresh_exec, exec_type, file_type; -init_daemon_domain(recovery_refresh) - allow recovery_refresh pstorefs:dir search; allow recovery_refresh pstorefs:file r_file_perms; # NB: domain inherits write_logd which hands us write to pmsg_device diff --git a/rild.te b/public/rild.te similarity index 98% rename from rild.te rename to public/rild.te index 0d834e19b..85aa04415 100644 --- a/rild.te +++ b/public/rild.te @@ -2,7 +2,6 @@ type rild, domain, domain_deprecated; type rild_exec, exec_type, file_type; -init_daemon_domain(rild) net_domain(rild) allowxperm rild self:udp_socket ioctl priv_sock_ioctls; diff --git a/runas.te b/public/runas.te similarity index 92% rename from runas.te rename to public/runas.te index 58a1bdc1b..21bd8805f 100644 --- a/runas.te +++ b/public/runas.te 
@@ -1,8 +1,6 @@ type runas, domain, domain_deprecated, mlstrustedsubject; type runas_exec, exec_type, file_type; -# ndk-gdb invokes adb shell run-as. -domain_auto_trans(shell, runas_exec, runas) allow runas adbd:process sigchld; allow runas shell:fd use; allow runas shell:fifo_file { read write }; diff --git a/sdcardd.te b/public/sdcardd.te similarity index 94% rename from sdcardd.te rename to public/sdcardd.te index 846c59b58..52037e6a6 100644 --- a/sdcardd.te +++ b/public/sdcardd.te @@ -14,7 +14,6 @@ allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resourc allow sdcardd sdcard_type:dir create_dir_perms; allow sdcardd sdcard_type:file create_file_perms; -type_transition sdcardd system_data_file:{ dir file } media_rw_data_file; allow sdcardd media_rw_data_file:dir create_dir_perms; allow sdcardd media_rw_data_file:file create_file_perms; diff --git a/service.te b/public/service.te similarity index 100% rename from service.te rename to public/service.te diff --git a/servicemanager.te b/public/servicemanager.te similarity index 94% rename from servicemanager.te rename to public/servicemanager.te index 4f07a5594..469c6375c 100644 --- a/servicemanager.te +++ b/public/servicemanager.te @@ -2,8 +2,6 @@ type servicemanager, domain, domain_deprecated, mlstrustedsubject; type servicemanager_exec, exec_type, file_type; -init_daemon_domain(servicemanager) - # Note that we do not use the binder_* macros here. # servicemanager is unique in that it only provides # name service (aka context manager) for Binder. diff --git a/sgdisk.te b/public/sgdisk.te similarity index 100% rename from sgdisk.te rename to public/sgdisk.te diff --git a/shared_relro.te b/public/shared_relro.te similarity index 100% rename from shared_relro.te rename to public/shared_relro.te diff --git a/shell.te b/public/shell.te similarity index 100% rename from shell.te rename to public/shell.te 
diff --git a/slideshow.te b/public/slideshow.te similarity index 100% rename from slideshow.te rename to public/slideshow.te diff --git a/surfaceflinger.te b/public/surfaceflinger.te similarity index 98% rename from surfaceflinger.te rename to public/surfaceflinger.te index d02fc9349..5175f83f8 100644 --- a/surfaceflinger.te +++ b/public/surfaceflinger.te @@ -2,7 +2,6 @@ type surfaceflinger, domain, domain_deprecated; type surfaceflinger_exec, exec_type, file_type; -init_daemon_domain(surfaceflinger) typeattribute surfaceflinger mlstrustedsubject; # Perform Binder IPC. diff --git a/system_app.te b/public/system_app.te similarity index 100% rename from system_app.te rename to public/system_app.te diff --git a/system_server.te b/public/system_server.te similarity index 99% rename from system_server.te rename to public/system_server.te index b9fe97b71..c243bc64c 100644 --- a/system_server.te +++ b/public/system_server.te @@ -4,9 +4,6 @@ # type system_server, domain, domain_deprecated, mlstrustedsubject; -# Define a type for tmpfs-backed ashmem regions. -tmpfs_domain(system_server) - # For art. allow system_server dalvikcache_data_file:dir r_dir_perms; allow system_server dalvikcache_data_file:file { r_file_perms execute }; @@ -369,7 +366,6 @@ allow system_server system_wpa_socket:sock_file create_file_perms; allow system_server wpa_socket:sock_file unlink; # Create a socket for connections from debuggerd. -type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket"; allow system_server system_ndebug_socket:sock_file create_file_perms; # Manage cache files. diff --git a/te_macros b/public/te_macros similarity index 100% rename from te_macros rename to public/te_macros diff --git a/tee.te b/public/tee.te similarity index 96% rename from tee.te rename to public/tee.te index 3d4cc2fba..a95be8834 100644 --- a/tee.te +++ b/public/tee.te 
@@ -6,7 +6,6 @@ type tee_exec, exec_type, file_type; type tee_device, dev_type; type tee_data_file, file_type, data_file_type; -init_daemon_domain(tee) allow tee self:capability { dac_override }; allow tee tee_device:chr_file rw_file_perms; allow tee tee_data_file:dir rw_dir_perms; diff --git a/toolbox.te b/public/toolbox.te similarity index 97% rename from toolbox.te rename to public/toolbox.te index 7767079dc..59c3a9c73 100644 --- a/toolbox.te +++ b/public/toolbox.te @@ -4,8 +4,6 @@ type toolbox, domain; type toolbox_exec, exec_type, file_type; -init_daemon_domain(toolbox) - # /dev/__null__ created by init prior to policy load, # open fd inherited by fsck. allow toolbox tmpfs:chr_file { read write ioctl }; diff --git a/tzdatacheck.te b/public/tzdatacheck.te similarity index 87% rename from tzdatacheck.te rename to public/tzdatacheck.te index f61cb4716..37daa7516 100644 --- a/tzdatacheck.te +++ b/public/tzdatacheck.te @@ -2,7 +2,5 @@ type tzdatacheck, domain, domain_deprecated; type tzdatacheck_exec, exec_type, file_type; -init_daemon_domain(tzdatacheck) - allow tzdatacheck zoneinfo_data_file:dir create_dir_perms; allow tzdatacheck zoneinfo_data_file:file unlink; diff --git a/ueventd.te b/public/ueventd.te similarity index 99% rename from ueventd.te rename to public/ueventd.te index d4880fad1..46787c4de 100644 --- a/ueventd.te +++ b/public/ueventd.te @@ -1,7 +1,6 @@ # ueventd seclabel is specified in init.rc since # it lives in the rootfs and has no unique file type. type ueventd, domain, domain_deprecated; -tmpfs_domain(ueventd) # Write to /dev/kmsg. allow ueventd kmsg_device:chr_file rw_file_perms; diff --git a/uncrypt.te b/public/uncrypt.te similarity index 97% rename from uncrypt.te rename to public/uncrypt.te index 308e0f629..ef1289c32 100644 --- a/uncrypt.te +++ b/public/uncrypt.te 
@@ -2,8 +2,6 @@ type uncrypt, domain, domain_deprecated, mlstrustedsubject; type uncrypt_exec, exec_type, file_type; -init_daemon_domain(uncrypt) - allow uncrypt self:capability dac_override; # Read OTA zip file from /data/data/com.google.android.gsf/app_download diff --git a/untrusted_app.te b/public/untrusted_app.te similarity index 100% rename from untrusted_app.te rename to public/untrusted_app.te diff --git a/update_engine.te b/public/update_engine.te similarity index 97% rename from update_engine.te rename to public/update_engine.te index fa3f05ccb..a3dee0db7 100644 --- a/update_engine.te +++ b/public/update_engine.te @@ -4,7 +4,6 @@ type update_engine, domain, domain_deprecated, update_engine_common, boot_contro type update_engine_exec, exec_type, file_type; type update_engine_data_file, file_type, data_file_type; -init_daemon_domain(update_engine); net_domain(update_engine); # Following permissions are needed for update_engine. diff --git a/update_engine_common.te b/public/update_engine_common.te similarity index 87% rename from update_engine_common.te rename to public/update_engine_common.te index e70e44db1..29581dde4 100644 --- a/update_engine_common.te +++ b/public/update_engine_common.te @@ -24,9 +24,6 @@ allow update_engine_common postinstall_file:file rx_file_perms; allow update_engine_common postinstall_file:lnk_file r_file_perms; allow update_engine_common postinstall_file:dir r_dir_perms; -# The postinstall program is run by update_engine_common and will always be tagged as a -# postinstall_file regardless of its attributes in the new system. -domain_auto_trans(update_engine_common, postinstall_file, postinstall) # A postinstall program is typically a shell script (with a #!), so we allow # to execute those. diff --git a/update_verifier.te b/public/update_verifier.te similarity index 93% rename from update_verifier.te rename to public/update_verifier.te index 09d5fc4bc..731b6230a 100644 --- a/update_verifier.te +++ b/public/update_verifier.te 
@@ -3,8 +3,6 @@ type update_verifier, domain, boot_control_hal; type update_verifier_exec, exec_type, file_type; -init_daemon_domain(update_verifier) - # Allow update_verifier to reach block devices in /dev/block. allow update_verifier block_device:dir search; diff --git a/vdc.te b/public/vdc.te similarity index 96% rename from vdc.te rename to public/vdc.te index d31be658e..394ac96aa 100644 --- a/vdc.te +++ b/public/vdc.te @@ -8,8 +8,6 @@ type vdc, domain, domain_deprecated; type vdc_exec, exec_type, file_type; -init_daemon_domain(vdc) - unix_socket_connect(vdc, vold, vold) # vdc sends information back to dumpstate when "adb bugreport" is used diff --git a/vold.te b/public/vold.te similarity index 90% rename from vold.te rename to public/vold.te index 6e0fa1648..afe55c071 100644 --- a/vold.te +++ b/public/vold.te @@ -2,12 +2,6 @@ type vold, domain, domain_deprecated; type vold_exec, exec_type, file_type; -init_daemon_domain(vold) - -# Switch to more restrictive domains when executing common tools -domain_auto_trans(vold, sgdisk_exec, sgdisk); -domain_auto_trans(vold, sdcardd_exec, sdcardd); - # Read already opened /cache files. allow vold cache_file:dir r_dir_perms; allow vold cache_file:file { getattr read }; @@ -25,13 +19,6 @@ allow vold sysfs_zram_uevent:file w_file_perms; r_dir_file(vold, rootfs) allow vold proc_meminfo:file r_file_perms; -# For a handful of probing tools, we choose an even more restrictive -# domain when working with untrusted block devices -domain_trans(vold, shell_exec, blkid); -domain_trans(vold, shell_exec, blkid_untrusted); -domain_trans(vold, fsck_exec, fsck); -domain_trans(vold, fsck_exec, fsck_untrusted); - # Allow us to jump into execution domains of above tools allow vold self:process setexec; 
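Review bot: In the second vold.te hunk the four `domain_trans(vold, …)` rules for blkid, blkid_untrusted, fsck and fsck_untrusted are removed, but the surviving context `# Allow us to jump into execution domains of above tools` followed by `allow vold self:process setexec;` now refers to tools that are named nowhere in this file. `setexec` is the security-relevant half of that pairing: it lets vold choose the execution context of the probing tools it runs against block devices, and the set of domains it may jump to is now defined entirely by `domain_trans` rules that live outside this file, which I cannot see from here. Suggest `# Allow vold to set the exec context for the probing tools it runs on block devices (blkid, fsck and their _untrusted variants); the permitted transitions are defined in the private policy.` and a check that the `_untrusted` variants in particular are re-added there, since those stricter domains exist only to confine probing of untrusted media. The vold.te section continues in the following hunk.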
@@ -58,11 +45,6 @@ allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms allow vold media_rw_data_file:dir create_dir_perms; allow vold media_rw_data_file:file create_file_perms; -# Newly created storage dirs are always treated as mount stubs to prevent us -# from accidentally writing when the mount point isn't present. -type_transition vold storage_file:dir storage_stub_file; -type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file; - # Allow mounting of storage devices allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr }; allow vold sdcard_type:filesystem { mount unmount remount }; diff --git a/watchdogd.te b/public/watchdogd.te similarity index 100% rename from watchdogd.te rename to public/watchdogd.te diff --git a/wifi_hal_legacy.te b/public/wifi_hal_legacy.te similarity index 91% rename from wifi_hal_legacy.te rename to public/wifi_hal_legacy.te index a7fce5729..ccdd96ca2 100644 --- a/wifi_hal_legacy.te +++ b/public/wifi_hal_legacy.te @@ -2,9 +2,6 @@ type wifi_hal_legacy, domain; type wifi_hal_legacy_exec, exec_type, file_type; -# may be started by init -init_daemon_domain(wifi_hal_legacy) - ## hwbinder access hwbinder_use(wifi_hal_legacy) diff --git a/wificond.te b/public/wificond.te similarity index 98% rename from wificond.te rename to public/wificond.te index 673394a2c..82c10c131 100644 --- a/wificond.te +++ b/public/wificond.te @@ -2,8 +2,6 @@ type wificond, domain; type wificond_exec, exec_type, file_type; -init_daemon_domain(wificond) - binder_use(wificond) binder_call(wificond, system_server) binder_call(wificond, wpa) diff --git a/wpa.te b/public/wpa.te similarity index 95% rename from wpa.te rename to public/wpa.te index dfb73dc2e..3cb042bda 100644 --- a/wpa.te +++ b/public/wpa.te 
@@ -2,8 +2,6 @@ type wpa, domain, domain_deprecated; type wpa_exec, exec_type, file_type; -init_daemon_domain(wpa) - net_domain(wpa) # in addition to ioctls whitelisted for all domains, grant wpa priv_sock_ioctls. allowxperm wpa self:udp_socket ioctl priv_sock_ioctls; @@ -29,7 +27,6 @@ binder_call(wpa, wificond) allow wpa wpa_supplicant_service:service_manager { add find }; # Create a socket for receiving info from wpa -type_transition wpa wifi_data_file:dir wpa_socket "sockets"; allow wpa wpa_socket:dir create_dir_perms; allow wpa wpa_socket:sock_file create_file_perms; diff --git a/zygote.te b/public/zygote.te similarity index 99% rename from zygote.te rename to public/zygote.te index 9f210ed3a..94081ef56 100644 --- a/zygote.te +++ b/public/zygote.te @@ -2,7 +2,6 @@ type zygote, domain, domain_deprecated; type zygote_exec, exec_type, file_type; -init_daemon_domain(zygote) typeattribute zygote mlstrustedsubject; # Override DAC on files and switch uid/gid. allow zygote self:capability { dac_override setgid setuid fowner chown };