From bf0c2a59f804af514a4488070453e8c49e095380 Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Mon, 23 Oct 2017 20:21:20 +0000 Subject: [PATCH] Revert "Ensure only com.android.shell can run in the shell domain." The following error is occurring on master: 10-23 16:24:24.785 shell 4884 4884 E SELinux : seapp_context_lookup: No match for app with uid 2000, seinfo platform, name com.google.android.traceur 10-23 16:24:24.785 shell 4884 4884 E SELinux : selinux_android_setcontext: Error setting context for app with uid 2000, seinfo platform:targetSdkVersion=23:complete: Success 10-23 16:24:24.785 shell 4884 4884 E Zygote : selinux_android_setcontext(2000, 0, "platform:targetSdkVersion=23:complete", "com.google.android.traceur") failed 10-23 16:24:24.785 shell 4884 4884 F zygote64: jni_internal.cc:593] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:648: selinux_android_setcontext failed 10-23 16:24:24.818 shell 4884 4884 F zygote64: runtime.cc:535] Runtime aborting... Bug: 68126425 Bug: 68032516 This reverts commit 714ee5f293042986791ce653900a3eb308e6788a. Change-Id: I7356c4e4facb1e532bfdeb575acf2d83761a0852 --- private/seapp_contexts | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/private/seapp_contexts b/private/seapp_contexts index 1f451be50..dc7e3893b 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts @@ -91,10 +91,6 @@ neverallow user=((?!_isolated).)* domain=isolated_app # uid's can be in shell domain neverallow user=shell domain=((?!shell).)* -# only the package named com.android.shell can run in the shell domain -neverallow domain=shell name=((?!com\.android\.shell).)* -neverallow user=shell name=((?!com\.android\.shell).)* - # Ephemeral Apps must run in the ephemeral_app domain neverallow isEphemeralApp=true domain=((?!ephemeral_app).)* @@ -104,7 +100,7 @@ user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file user=nfc seinfo=platform domain=nfc type=nfc_data_file user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro -user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file +user=shell seinfo=platform domain=shell type=shell_data_file user=_isolated domain=isolated_app levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user -- GitLab