Vendor domains must not use Binder am: f5446eb1

am: 2fe065d7 Change-Id: Ieefcec5619fc2b941a675b473661dc561864ffc9

Vendor domains must not use Binder am: f5446eb1
49ce4394 · Alex Klyubin · android-build-merger · da6c88c9 · 2fe065d7 · 49ce4394
Commit 49ce4394 authored 8 years ago by Alex Klyubin Committed by android-build-merger 8 years ago
--- a/private/lmkd.te
+++ b/private/lmkd.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute lmkd coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(lmkd)
--- a/private/logd.te
+++ b/private/logd.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute logd coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(logd)
 # logd is not allowed to write anywhere other than /data/misc/logd, and then

--- a/private/logpersist.te
+++ b/private/logpersist.te
+typeattribute logpersist coredomain;
 # android debug log storage in logpersist domains (eng and userdebug only)
 userdebug_or_eng(`

--- a/private/mdnsd.te
+++ b/private/mdnsd.te
 # mdns daemon
+typeattribute mdnsd coredomain;
 typeattribute mdnsd mlstrustedsubject;
 type mdnsd_exec, exec_type, file_type;

--- a/private/mediacodec.te
+++ b/private/mediacodec.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mediacodec coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mediacodec)
--- a/private/mediadrmserver.te
+++ b/private/mediadrmserver.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mediadrmserver coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mediadrmserver)
--- a/private/mediaextractor.te
+++ b/private/mediaextractor.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mediaextractor coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mediaextractor)
--- a/private/mediametrics.te
+++ b/private/mediametrics.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mediametrics coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mediametrics)
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mediaserver coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mediaserver)
--- a/private/modprobe.te
+++ b/private/modprobe.te
+typeattribute modprobe coredomain;
--- a/private/mtp.te
+++ b/private/mtp.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute mtp coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(mtp)
--- a/private/netd.te
+++ b/private/netd.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute netd coredomain;
-# public, but conceptually should go with this
 init_daemon_domain(netd)
 # Allow netd to spawn dnsmasq in it's own domain

--- a/private/nfc.te
+++ b/private/nfc.te
 # nfc subsystem
+typeattribute nfc coredomain;
 app_domain(nfc)
 net_domain(nfc)

--- a/private/otapreopt_chroot.te
+++ b/private/otapreopt_chroot.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute otapreopt_chroot coredomain;
-# public, but conceptually should go with this
 # Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
 domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
--- a/private/otapreopt_slot.te
+++ b/private/otapreopt_slot.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute otapreopt_slot coredomain;
-# public, but conceptually should go with this
 # Technically not a daemon but we do want the transition from init domain to
 # cppreopts to occur.
 init_daemon_domain(otapreopt_slot)
--- a/private/performanced.te
+++ b/private/performanced.te
+typeattribute performanced coredomain;
 init_daemon_domain(performanced)
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -2,6 +2,7 @@
 ### Apps signed with the platform key.
 ###
+typeattribute platform_app coredomain;
 typeattribute platform_app domain_deprecated;
 app_domain(platform_app)

--- a/private/postinstall.te
+++ b/private/postinstall.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute postinstall coredomain;
-# public, but conceptually should go with this
 domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
--- a/private/postinstall_dexopt.te
+++ b/private/postinstall_dexopt.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute postinstall_dexopt coredomain;
-# public, but conceptually should go with this
 # Run dex2oat/patchoat in its own sandbox.
 # We have to manually transition, as we don't have an entrypoint.
 domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
--- a/private/ppp.te
+++ b/private/ppp.te
-# type_transition must be private policy the domain_trans rules could stay
+typeattribute ppp coredomain;
-# public, but conceptually should go with this
 domain_auto_trans(mtp, ppp_exec, ppp)