From 10ecd05df39b25f4b504f795adafae5f45084a59 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 10 Dec 2014 13:50:39 -0800
Subject: [PATCH] Add neverallow rule for set_context_mgr.

Resubmission of commit: 76f3fe33d7b1a42b0a3f356be5522e9cc014687e

Removed conflicting rule from unconfined domain.

Change-Id: I3e6da8922ebf636f1cd8ceefea4291d043a28ab7
---
 domain.te     | 3 +++
 unconfined.te | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 6cf7be34b..243c992f3 100644
--- a/domain.te
+++ b/domain.te
@@ -329,3 +329,6 @@ neverallow { domain -recovery } system_block_device:blk_file write;
 
 # No domains other than install_recovery or recovery can write to recovery.
 neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+
+# Only servicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager } *:binder set_context_mgr;
diff --git a/unconfined.te b/unconfined.te
index 1a5194232..32044eccc 100644
--- a/unconfined.te
+++ b/unconfined.te
@@ -90,4 +90,4 @@ allow unconfineddomain contextmount_type:notdevfile_class_set r_file_perms;
 allow unconfineddomain node_type:node *;
 allow unconfineddomain netif_type:netif *;
 allow unconfineddomain domain:peer recv;
-allow unconfineddomain { domain -init }:binder { call transfer set_context_mgr };
+allow unconfineddomain { domain -init }:binder { call transfer };
-- 
GitLab