From 7f8b6cc66c4dfbd320b06af6be2e0740ee9ddbcf Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Sat, 28 Jul 2018 16:48:06 -0700
Subject: [PATCH] Rename untrusted_app_visible_*' to include 'violators'.
Bug: 110887137
Test: Flash new system policy onto a device with vendor policy that uses untrusted_app_visible_* attributes, and check that old and new attributes are applied to exactly same types.
Change-Id: Ibee0ec645878fcc8c93cd0fbd169a8d45129d79e
Merged-In: Ibee0ec645878fcc8c93cd0fbd169a8d45129d79e
(cherry picked from commit 7abca51d198b721eb217db89aed4256887a7b9d1)
---
 private/app_neverallows.te | 4 ++--
 private/technical_debt.cil | 10 ++++++++++
 public/attributes | 10 +++++-----
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 23594b826..c2ef14cce 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -189,7 +189,7 @@ neverallow all_untrusted_apps {
 -hal_omx_hwservice
 -hal_cas_hwservice
 -hal_neuralnetworks_hwservice
- -untrusted_app_visible_hwservice
+ -untrusted_app_visible_hwservice_violators
 }:hwservice_manager find;
 # Make sure that the following services are never accessible by untrusted_apps
@@ -259,7 +259,7 @@ full_treble_only(`
 -hal_neuralnetworks_server
 -hal_omx_server
 -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -untrusted_app_visible_halserver
+ -untrusted_app_visible_halserver_violators
 }:binder { call transfer };
 ')
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index b04e5e076..35db2b3f2 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -40,3 +40,13 @@
 ; Unfortunately, we can't currently express this in module policy language:
 ; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
 (typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+
+; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
+; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
+; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
+(typeattribute untrusted_app_visible_hwservice)
+(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
+(typeattribute untrusted_app_visible_halserver)
+(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
diff --git a/public/attributes b/public/attributes
index 738512887..c8db1fdd6 100644
--- a/public/attributes
+++ b/public/attributes
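Review bot: The comment above the four added CIL statements calls this a rename, but it does not say that the old `untrusted_app_visible_hwservice` and `untrusted_app_visible_halserver` names remain live sources of exemption: each `typeattributeset` folds every type carrying the old name into the matching `_violators` attribute, and the neverallow rules in private/app_neverallows.te now subtract only the `_violators` names. Someone auditing which types are exempt from the untrusted-app neverallows by searching for `_violators` would miss vendor types still labeled with the old names. I would add a line such as `; Compat alias: types labeled with the old untrusted_app_visible_* names stay exempt from the untrusted_app neverallows via *_violators.` Separately, the old attributes were declared with `expandattribute ... false` in public/attributes and the re-declarations here carry no equivalent; whether that changes the compiled policy is not visible from this hunk, so it is worth confirming.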
@@ -191,19 +191,19 @@ expandattribute system_writes_vendor_properties_violators false;
 # version, requiring all hwservices that are labeled with this
 # attribute to be submitted to AOSP in order to maintain their
 # app-visibility.
-attribute untrusted_app_visible_hwservice;
-expandattribute untrusted_app_visible_hwservice false;
+attribute untrusted_app_visible_hwservice_violators;
+expandattribute untrusted_app_visible_hwservice_violators false;
 # halserver domains that are accessible to untrusted applications. These
 # domains are typically those hosting hwservices attributed by the
-# untrusted_app_visible_hwservice.
+# untrusted_app_visible_hwservice_violators.
 # WARNING: Use of this attribute should be avoided unless absolutely necessary.
 # It is a temporary allowance to aid the transition to treble and will be
 # removed in the future platform version, requiring all halserver domains that
 # are labeled with this attribute to be submitted to AOSP in order to maintain
 # their app-visibility.
-attribute untrusted_app_visible_halserver;
-expandattribute untrusted_app_visible_halserver false;
+attribute untrusted_app_visible_halserver_violators;
+expandattribute untrusted_app_visible_halserver_violators false;
 # PDX services
 attribute pdx_endpoint_dir_type;
-- GitLab