From 869562e9e30933b6e7342205b9eccd9fd769f5d9 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@google.com>
Date: Tue, 30 Jan 2018 10:54:33 -0500
Subject: [PATCH] Remove rules for starting the webview_zygote as a child of init.

The webview_zygote is now launched as a child-zygote process from the main zygote process.

Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it renders correctly via the WebView.
Merged-In: I9c948b58a969d35d5a5add4b6ab62b8f990645d1
Change-Id: I153476642cf14883b0dfea0d9f5b3b5e30ac1c08
---
 private/compat/26.0/26.0.cil | 1 +
 private/file_contexts | 3 ---
 private/isolated_app.te | 2 +-
 private/system_server.te | 4 +++-
 private/webview_zygote.te | 9 +++------
 public/domain.te | 2 +-
 public/file.te | 1 -
 7 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index fb4a9e6c8..261fc6de2 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -10,6 +10,7 @@
 (type reboot_data_file)
 (type tracing_shell_writable)
 (type tracing_shell_writable_debug)
+(type webview_zygote_socket)
 (typeattributeset accessibility_service_26_0 (accessibility_service))
 (typeattributeset account_service_26_0 (account_service))
diff --git a/private/file_contexts b/private/file_contexts
index 10a8a71b3..f05d00579 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -157,7 +157,6 @@
 /dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
 /dev/socket/uncrypt u:object_r:uncrypt_socket:s0
 /dev/socket/vold u:object_r:vold_socket:s0
-/dev/socket/webview_zygote u:object_r:webview_zygote_socket:s0
 /dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
 /dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
 /dev/socket/zygote u:object_r:zygote_socket:s0
@@ -276,8 +275,6 @@
 /system/bin/bspatch u:object_r:update_engine_exec:s0
 /system/bin/storaged u:object_r:storaged_exec:s0
 /system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
-/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
-/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
 /system/bin/wpantund u:object_r:wpantund_exec:s0
 /system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 06ed2c82c..a6276b38c 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -108,7 +108,7 @@ neverallow isolated_app sdcard_type:file ~{ read write append getattr lock };
 neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
 # Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote_socket:sock_file write;
+neverallow isolated_app webview_zygote:sock_file write;
 # Limit the /sys files which isolated_app can access. This is important
 # for controlling isolated_app attack surface.
diff --git a/private/system_server.te b/private/system_server.te
index 6e6212ebc..a52c5c737 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -153,7 +153,6 @@ unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, mtpd, mtp)
 unix_socket_connect(system_server, netd, netd)
 unix_socket_connect(system_server, vold, vold)
-unix_socket_connect(system_server, webview_zygote, webview_zygote)
 unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)
 unix_socket_connect(system_server, uncrypt, uncrypt)
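Review bot: The rewritten neverallow in isolated_app.te now uses the process domain `webview_zygote` as a sock_file type, yet nothing in this patch labels a socket node with that type — the `/dev/socket/webview_zygote` entry in file_contexts and the `webview_zygote_socket` type in public/file.te are both removed — so the rule appears to match no object, and the same applies to the parallel rewrite in public/domain.te. If the child zygote's listening socket no longer has a filesystem node (which I cannot confirm from this diff), the effective restriction is the `connectto` neverallow on `webview_zygote:unix_stream_socket` in domain.te, and the comment above the rule should say so, e.g. `# The webview_zygote control socket has no filesystem node; connectto on webview_zygote:unix_stream_socket is restricted in domain.te.` If a sock_file labelled webview_zygote is still created somewhere, the type_transition or file_contexts entry that establishes that label belongs in this change so the rule is not vacuous.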
@@ -161,6 +160,9 @@ unix_socket_connect(system_server, uncrypt, uncrypt)
 # Communicate over a socket created by surfaceflinger.
 allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, appdomain)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index e0921127b..c9a401a77 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -6,9 +6,7 @@ typeattribute webview_zygote coredomain;
 # The webview_zygote needs to be able to transition domains.
 typeattribute webview_zygote mlstrustedsubject;
-# When init launches the WebView zygote's executable, transition the
-# resulting process into webview_zygote domain.
-init_daemon_domain(webview_zygote)
+tmpfs_domain(webview_zygote);
 # Allow reading/executing installed binaries to enable preloading the
 # installed WebView implementation.
@@ -84,9 +82,8 @@ neverallow webview_zygote { domain -crash_dump }:process transition;
 # Having said that, exec() above is not allowed.
 neverallow webview_zygote *:file execute_no_trans;
-# The only way to enter this domain is for init to exec() us or the zygote
-# to fork a new webview_zygote child.
-neverallow { domain -init } webview_zygote:process transition;
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
 neverallow { domain -zygote } webview_zygote:process dyntransition;
 # Disallow write access to properties.
diff --git a/public/domain.te b/public/domain.te
index dc967f3df..eb66b30f5 100644
--- a/public/domain.te
+++ b/public/domain.te
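Review bot: `tmpfs_domain(webview_zygote);` in the first webview_zygote.te hunk carries a trailing semicolon, while the macro invocation it replaces, `init_daemon_domain(webview_zygote)`, and the other macro calls visible in this patch (`binder_use(system_server)`, `unix_socket_connect(...)`) are written without one; the macros expand to fully terminated statements, so the extra `;` is a stray token that the build presumably tolerates (Test: m passed) but that breaks the file's convention. Please write it as `tmpfs_domain(webview_zygote)`. The removed comment was the only explanation of how this process comes to exist in this part of the file, so a one-line replacement such as `# Forked from zygote as a child zygote; give it its own tmpfs type.` would keep the domain's entry path documented next to its declarations.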
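Review bot: Removing `neverallow { domain -init } webview_zygote:process transition;` in the second webview_zygote.te hunk without a replacement leaves no compile-time guarantee against entering webview_zygote via an exec transition, even though the new comment states that the zygote fork is the only way in; only `dyntransition` remains constrained. Since init no longer execs the binary (the webview_zygote32/64 file_contexts entries are dropped by this patch), the rule can be tightened rather than deleted: `neverallow domain webview_zygote:process transition;`. If a domain outside this diff still needs an exec transition into webview_zygote, exclude it explicitly in the set so the comment and the neverallow stay in agreement.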
@@ -1022,7 +1022,7 @@ neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto
 neverallow { domain -system_server } zygote_socket:sock_file write;
 neverallow { domain -system_server -webview_zygote } webview_zygote:unix_stream_socket connectto;
-neverallow { domain -system_server } webview_zygote_socket:sock_file write;
+neverallow { domain -system_server } webview_zygote:sock_file write;
 neverallow {
 domain
diff --git a/public/file.te b/public/file.te
index 27ee0dcaa..c6b4ba86c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -331,7 +331,6 @@ type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
 type traced_consumer_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
-type webview_zygote_socket, file_type, coredomain_socket;
 type wpa_socket, file_type, data_file_type, core_data_file_type;
 type zygote_socket, file_type, coredomain_socket;
 # UART (for GPS) control proc file
-- 
GitLab