Drop relabelto_domain() macro and its associated definitions.

This was originally to limit the ability to relabel files to particular types given the ability of all domains to relabelfrom unlabeled files. Since the latter was removed by Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b, this no longer serves any purpose. Change-Id: Ic41e94437188183f15ed8b3732c6cd5918da3397 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Drop relabelto_domain() macro and its associated definitions.
This was originally to limit the ability to relabel files to particular types given the ability of all domains to relabelfrom unlabeled files. Since the latter was removed by Ied84f8b4b1a0896c1b9f7d783b7463ce09d4807b, this no longer serves any purpose. Change-Id: Ic41e94437188183f15ed8b3732c6cd5918da3397 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
02dac03a · Stephen Smalley · 004bd4e0 · 02dac03a · 02dac03a · 02dac03a
Commit 02dac03a authored 10 years ago by Stephen Smalley
--- a/attributes
+++ b/attributes
@@ -64,6 +64,3 @@ attribute bluetoothdomain;

 # All domains used for binder service domains.
 attribute binderservicedomain;
-
-# All domains which are allowed the "relabelto" permission
-attribute relabeltodomain;
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -12,7 +12,6 @@ allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptra
 security_access_policy(debuggerd)
 allow debuggerd system_data_file:dir create_dir_perms;
 allow debuggerd system_data_file:dir relabelfrom;
-relabelto_domain(debuggerd)
 allow debuggerd tombstone_data_file:dir relabelto;
 allow debuggerd tombstone_data_file:dir create_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;

--- a/domain.te
+++ b/domain.te
@@ -146,9 +146,6 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 ### neverallow rules
 ###

-# Limit ability to relabel files to domains marked with relabelto_domain().
-neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
-
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these whitelisted domains.
 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;

--- a/dumpstate.te
+++ b/dumpstate.te
@@ -5,7 +5,6 @@ type dumpstate_exec, exec_type, file_type;

 init_daemon_domain(dumpstate)
 net_domain(dumpstate)
-relabelto_domain(dumpstate)
 binder_use(dumpstate)

 # Drop privileges by switching UID / GID

--- a/init.te
+++ b/init.te
@@ -3,7 +3,6 @@ type init, domain;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
-relabelto_domain(init)
 # add a rule to handle unlabelled mounts
 allow init unlabeled:filesystem mount;


--- a/installd.te
+++ b/installd.te
@@ -3,7 +3,6 @@ type installd, domain;
 type installd_exec, exec_type, file_type;

 init_daemon_domain(installd)
-relabelto_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
 allow installd system_data_file:file create_file_perms;

--- a/kernel.te
+++ b/kernel.te
@@ -5,7 +5,6 @@ allow kernel init:process dyntransition;

 # The kernel is unconfined.
 unconfined_domain(kernel)
-relabelto_domain(kernel)

 allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;
 allow kernel unlabeled:filesystem mount;

--- a/recovery.te
+++ b/recovery.te
@@ -2,7 +2,6 @@
 type recovery, domain;
 allow recovery rootfs:file entrypoint;
 unconfined_domain(recovery)
-relabelto_domain(recovery)

 allow recovery self:capability2 mac_admin;


--- a/system_server.te
+++ b/system_server.te
@@ -175,7 +175,6 @@ allow system_server { data_file_type -keystore_data_file }:notdevfile_class_set
 security_access_policy(system_server)

 # Relabel apk files.
-relabelto_domain(system_server)
 allow system_server { apk_tmp_file apk_private_tmp_file }:file { relabelfrom relabelto };
 allow system_server { apk_data_file apk_private_data_file }:file { relabelfrom relabelto };


--- a/te_macros
+++ b/te_macros
@@ -111,13 +111,6 @@ tmpfs_domain($1)
 allow $1 $1_tmpfs:file execute;
 ')

-#####################################
-# relabelto_domain(domain)
-# Allows this domain to use the relabelto permission
-define(`relabelto_domain', `
-typeattribute $1 relabeltodomain;
-')
-
 #####################################
 # net_domain(domain)
 # Allow a base set of permissions required for network access.

--- a/ueventd.te
+++ b/ueventd.te
@@ -4,7 +4,6 @@ type ueventd, domain;
 tmpfs_domain(ueventd)
 write_klog(ueventd)
 security_access_policy(ueventd)
-relabelto_domain(ueventd)
 allow ueventd rootfs:file entrypoint;
 allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };

--- a/vold.te
+++ b/vold.te
@@ -71,7 +71,6 @@ allow vold ctl_fuse_prop:property_service set;
 allow vold asec_image_file:file create_file_perms;
 allow vold asec_image_file:dir rw_dir_perms;
 security_access_policy(vold)
-relabelto_domain(vold)
 allow vold asec_apk_file:dir { rw_dir_perms setattr relabelfrom };
 allow vold asec_public_file:dir { relabelto setattr };
 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };