From 9fa11b771b38197f2ff30d8af5700bf678c95b21 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Tue, 11 Jul 2017 02:35:35 +0900
Subject: [PATCH] Temporarily revert the SELinux policy for
 persist.netd.stable_secret.

This change did not make it into core sepolicy in time for O.
The revert allows devices to define these selinux policies in
vendor-specific sepolicy instead of core sepolicy. It is
necessary because:

1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results
   in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as
   net_stable_secret_vendor_prop) and applying it to
   persist.netd.stable_secret results in the device not booting
   due to attempting to apply two different contexts to the same
   property.

Lack of the sepolicy no longer breaks wifi connectivity now that
IpManager no longer considers failure to set the stable secret to
be a fatal error.

Once all interested devices have adopted the vendor sepolicy,
this policy can safely be reinstated by reverting said vendor
sepolicies in internal master.

This reverts commit abb1ba6532c923106b459dbb3ba47d9c7038bc97.

Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
---
 private/property_contexts | 1 -
 public/netd.te            | 9 ---------
 public/property.te        | 1 -
 3 files changed, 11 deletions(-)

diff --git a/private/property_contexts b/private/property_contexts
index 8eb2f28b2..23150343f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -50,7 +50,6 @@ persist.logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
 logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
 persist.log.tag         u:object_r:log_tag_prop:s0
 persist.mmc.            u:object_r:mmc_prop:s0
-persist.netd.stable_secret      u:object_r:netd_stable_secret_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.sys.safemode    u:object_r:safemode_prop:s0
 ro.sys.safemode         u:object_r:safemode_prop:s0
diff --git a/public/netd.te b/public/netd.te
index 77974bf40..691887fcd 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -62,7 +62,6 @@ allow netd dnsmasq:process signal;
 allow netd clatd:process signal;
 
 set_prop(netd, ctl_mdnsd_prop)
-set_prop(netd, netd_stable_secret_prop)
 
 # Allow netd to publish a binder service and make binder calls.
 binder_use(netd)
@@ -109,11 +108,3 @@ neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
 neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
 neverallow { domain -system_server -dumpstate } netd:binder call;
 neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
-
-# persist.netd.stable_secret contains RFC 7217 secret key which should never be
-# leaked to other processes. Make sure it never leaks.
-neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
-
-# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
-# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
-neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
diff --git a/public/property.te b/public/property.te
index 95efcaa78..daac0fb5c 100644
--- a/public/property.te
+++ b/public/property.te
@@ -30,7 +30,6 @@ type log_tag_prop, property_type, log_property_type;
 type mmc_prop, property_type;
 type net_dns_prop, property_type;
 type net_radio_prop, property_type, core_property_type;
-type netd_stable_secret_prop, property_type;
 type nfc_prop, property_type, core_property_type;
 type overlay_prop, property_type;
 type pan_result_prop, property_type, core_property_type;
-- 
GitLab