Revert "Reduce the number of processes that can start adbd"

This reverts commit faebeaca. Reason for revert: broke the build Change-Id: I3d61ce011ad42c6ff0e9f122de3daa37e846407a

Revert "Reduce the number of processes that can start adbd"
This reverts commit faebeaca. Reason for revert: broke the build Change-Id: I3d61ce011ad42c6ff0e9f122de3daa37e846407a
b5dc6137 · Samuel Ha · faebeaca · b5dc6137 · b5dc6137 · b5dc6137
Commit b5dc6137 authored 6 years ago by Samuel Ha
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -121,7 +121,7 @@
 (typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
 (typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
 (typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
 (typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
 (typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
 (typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))

--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -826,7 +826,7 @@
 (typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
 (typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
 (typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
-(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
 (typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
 (typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
 (typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))

--- a/private/property_contexts
+++ b/private/property_contexts
@@ -115,11 +115,6 @@ ctl.interface_start$    u:object_r:ctl_interface_start_prop:s0
 ctl.interface_stop$     u:object_r:ctl_interface_stop_prop:s0
 ctl.interface_restart$  u:object_r:ctl_interface_restart_prop:s0

- # Restrict access to starting/stopping adbd
-ctl.start$adbd             u:object_r:ctl_adbd_prop:s0
-ctl.stop$adbd              u:object_r:ctl_adbd_prop:s0
-ctl.restart$adbd           u:object_r:ctl_adbd_prop:s0
-
 # NFC properties
 nfc.                    u:object_r:nfc_prop:s0


--- a/public/adbd.te
+++ b/public/adbd.te
@@ -2,7 +2,3 @@
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
 type adbd_exec, exec_type, file_type;
-
-# Only init is allowed to enter the adbd domain via exec()
-neverallow { domain -init } adbd:process transition;
-neverallow * adbd:process dyntransition;
--- a/public/property.te
+++ b/public/property.te
@@ -5,7 +5,6 @@ type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
-type ctl_adbd_prop, property_type;
 type ctl_bootanim_prop, property_type;
 type ctl_bugreport_prop, property_type;
 type ctl_console_prop, property_type;
@@ -328,7 +327,6 @@ compatible_property_only(`
    -boottime_prop
    -config_prop
    -cppreopt_prop
-    -ctl_adbd_prop
    -ctl_bootanim_prop
    -ctl_bugreport_prop
    -ctl_console_prop

--- a/public/recovery.te
+++ b/public/recovery.te
@@ -109,7 +109,7 @@ recovery_only(`
  set_prop(recovery, powerctl_prop)

  # Start/stop adbd via ctl.start adbd
-  set_prop(recovery, ctl_adbd_prop)
+  set_prop(recovery, ctl_default_prop)

  # Read serial number of the device from system properties
  get_prop(recovery, serialno_prop)

--- a/public/usbd.te
+++ b/public/usbd.te
 type usbd, domain;
 type usbd_exec, exec_type, file_type;

-# Start/stop adbd via ctl.start adbd
-set_prop(usbd, ctl_adbd_prop)