Vendor domains must not use Binder am: f5446eb1 am: 2fe065d7

am: 49ce4394

Change-Id: I1b38d903e61188594d0de80be479e7d9e045fb26

private/priv_app.te

@@ -2,6 +2,7 @@
 ### A domain for further sandboxing privileged apps.
 ###
 
+typeattribute priv_app coredomain;
 app_domain(priv_app)
 
 # Access the network.

private/profman.te

+typeattribute profman coredomain;

private/racoon.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute racoon coredomain;
+
 init_daemon_domain(racoon)

private/radio.te

+typeattribute radio coredomain;
+
 app_domain(radio)
 
 read_runtime_log_tags(radio)

private/recovery.te

+typeattribute recovery coredomain;

private/recovery_persist.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute recovery_persist coredomain;
+
 init_daemon_domain(recovery_persist)
 
 # recovery_persist is not allowed to write anywhere other than recovery_data_file

private/recovery_refresh.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute recovery_refresh coredomain;
+
 init_daemon_domain(recovery_refresh)
 
 # recovery_refresh is not allowed to write anywhere

private/runas.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute runas coredomain;
+
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)

private/sdcardd.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute sdcardd coredomain;
+
 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;

private/sensord.te

+typeattribute sensord coredomain;
+
 init_daemon_domain(sensord)

private/servicemanager.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute servicemanager coredomain;
+
 init_daemon_domain(servicemanager)
 
 read_runtime_log_tags(servicemanager)

private/sgdisk.te

+typeattribute sgdisk coredomain;

private/shared_relro.te

+typeattribute shared_relro coredomain;
+
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.
 app_domain(shared_relro)

private/shell.te

+typeattribute shell coredomain;
+
 # systrace support - allow atrace to run
 allow shell debugfs_tracing:dir r_dir_perms;
 allow shell debugfs_tracing:file r_file_perms;

private/slideshow.te

+typeattribute slideshow coredomain;

private/storaged.te

 # storaged daemon
-type storaged, domain, mlstrustedsubject;
+type storaged, domain, coredomain, mlstrustedsubject;
 type storaged_exec, exec_type, file_type;
 
 init_daemon_domain(storaged)

private/surfaceflinger.te

 # surfaceflinger - display compositor service
 
+typeattribute surfaceflinger coredomain;
+
 type surfaceflinger_exec, exec_type, file_type;
 init_daemon_domain(surfaceflinger)
 

private/system_app.te

@@ -4,6 +4,7 @@
 ### server.
 ###
 
+typeattribute system_app coredomain;
 typeattribute system_app domain_deprecated;
 
 app_domain(system_app)

private/system_server.te

@@ -3,6 +3,7 @@
 # Most of the framework services run in this process.
 #
 
+typeattribute system_server coredomain;
 typeattribute system_server domain_deprecated;
 typeattribute system_server mlstrustedsubject;
 

private/tee.te

-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
+typeattribute tee coredomain;
+
 init_daemon_domain(tee)