diff --git a/Android.mk b/Android.mk
index 6a4b8a427b46a6f323e1eb2b8e1cf04bbca0b91a..7bfe1a7ddf09001c224d228206dbeeae46ce26bb 100644
--- a/Android.mk
+++ b/Android.mk
@@ -26,13 +26,49 @@ ifdef BOARD_SEPOLICY_M4DEFS
 LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS))
 endif
-# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS and the LOCAL_PATH.
-# $(1): the set of policy name paths to build
-build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
+# sepolicy is now divided into multiple portions:
+# public - policy exported on which non-platform policy developers may write
+# additional policy. types and attributes are versioned and included in
+# delivered non-platform policy, which is to be combined with platform policy.
+# private - platform-only policy required for platform functionality but which
+# is not exported to vendor policy developers and as such may not be assumed
+# to exist.
+# mapping - TODO. This contains policy statements which map the attributes
+# exposed in the public policy of previous versions to the concrete types used
+# in this policy to ensure that policy targeting attributes from public
+# policy from an older platform version continues to work.
+
+# TODO - build process for device:
+# 1) convert policies to CIL:
+# - private + public platform policy to CIL
+# - mapping file to CIL (should already be in CIL form)
+# - non-platform public policy to CIL
+# - non-platform public + private policy to CIL
+# 2) attributize policy
+# - TODO: do this for platform policy?
+# - run script which takes non-platform public and non-platform combined
+# private + public policy and produces attributized and versioned
+# non-platform policy
+# 3) combine policy files
+# - combine mapping, platform and non-platform policy.
+# - compile output binary policy file
+
+PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
+PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
+
+###########################################################
+# Compute policy files to be used in policy build.
+# $(1): files to include
+# $(2): directories in which to find files
+###########################################################
+
+define build_policy
+$(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file)))))
+endef
 # Builds paths for all policy files found in BOARD_SEPOLICY_DIRS.
 # $(1): the set of policy name paths to build
-build_device_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
+build_device_policy = $(call build_policy, $(1), $(BOARD_SEPOLICY_DIRS))
 # Add a file containing only a newline in-between each policy configuration
 # 'contexts' file. This will allow OEM policy configuration files without a
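Review bot: The new header for `build_policy` documents what `$(1)` and `$(2)` are but not that the order of `$(2)` is significant: the expansion is handed to m4 in the order the directories are listed, and every caller in this change lists the platform directories before `$(BOARD_SEPOLICY_DIRS)`, so a future caller that reversed them would presumably put device policy ahead of the platform policy it builds on. I'd extend the comment to `# $(2): directories in which to find files, in the order their contents are concatenated (platform dirs before BOARD_SEPOLICY_DIRS)`. A second sentence is worth adding that `$(wildcard)` expands to nothing for a directory that does not exist, so a mistyped BOARD_SEPOLICY_DIRS entry silently drops that policy instead of failing the build.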
@@ -92,11 +128,28 @@ endif
 include $(BUILD_SYSTEM)/base_rules.mk
+platform_policy.conf := $(intermediates)/plat_policy.conf
+$(platform_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(platform_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(platform_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(platform_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+ @mkdir -p $(dir $@)
+ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
+ -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
+ -D target_build_variant=$(TARGET_BUILD_VARIANT) \
+ -s $^ > $@
+ $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+
+# TODO: add steps for non-platform public and combined files with checkpolicy
+# support. b/31932523
+
 sepolicy_policy.conf := $(intermediates)/policy.conf
 $(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files))
+$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 @mkdir -p $(dir $@)
 $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
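Review bot: The new `$(platform_policy.conf)` recipe writes a second file, `$@.dontaudit`, that is not the target of any rule and that nothing in this hunk consumes, so make cannot track it and a later consumer would have nothing to declare as a prerequisite. The line looks carried over from the `policy.conf` recipe below it; if a platform-only dontaudit-stripped copy is wanted, give it its own rule, `$(platform_policy.conf).dontaudit: $(platform_policy.conf)` with the sed as its recipe, otherwise drop it until the b/31932523 steps land. Note also that, per the TODO, plat_policy.conf is generated but not yet fed to checkpolicy, so an error confined to the public/private split will not be caught by this target until that follow-up. Separately, the platform-only conf is still built with `$(LOCAL_ADDITIONAL_M4DEFS)`, i.e. the board's `BOARD_SEPOLICY_M4DEFS`; if plat_policy.conf is meant to be device-independent that is presumably not intended and deserves a comment either way.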
@@ -135,7 +188,8 @@ sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf
 $(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(sepolicy_policy_recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files))
+$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 @mkdir -p $(dir $@)
 $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
@@ -168,12 +222,10 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
-exp_sepolicy_build_files :=\
- $(foreach file, $(addprefix $(LOCAL_PATH)/, $(sepolicy_build_files)), $(sort $(wildcard $(file))))
-
 $(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
 $(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files)
+$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 mkdir -p $(dir $@)
 $(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
 -D target_build_variant=user \
@@ -223,9 +275,9 @@ include $(BUILD_SYSTEM)/base_rules.mk
 # Note: That a newline file is placed between each file_context file found to
 # ensure a proper build when an fc file is missing an ending newline.
-local_fc_files := $(LOCAL_PATH)/file_contexts
+local_fc_files := $(PLAT_PRIVATE_POLICY)/file_contexts
 ifneq ($(filter address,$(SANITIZE_TARGET)),)
- local_fc_files := $(local_fc_files) $(LOCAL_PATH)/file_contexts_asan
+ local_fc_files := $(local_fc_files) $(PLAT_PRIVATE_POLICY)/file_contexts_asan
 endif
 local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
@@ -281,7 +333,7 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
 general_file_contexts.tmp := $(intermediates)/general_file_contexts.tmp
-$(general_file_contexts.tmp): $(addprefix $(LOCAL_PATH)/, file_contexts)
+$(general_file_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, file_contexts)
 @mkdir -p $(dir $@)
 $(hide) m4 -s $< > $@
@@ -302,7 +354,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk
-all_sc_files := $(call build_policy, seapp_contexts)
+all_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
 $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files)
@@ -321,7 +373,7 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
-all_sc_files := $(addprefix $(LOCAL_PATH)/, seapp_contexts)
+all_sc_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
 $(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files)
@@ -339,7 +391,7 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): $(addprefix $(LOCAL_PATH)/, seapp_contexts)
+$(LOCAL_BUILT_MODULE): $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
 @mkdir -p $(dir $@)
 - $(hide) grep -ie '^neverallow' $< > $@
@@ -354,7 +406,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk
-all_pc_files := $(call build_policy, property_contexts)
+all_pc_files := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
 property_contexts.tmp := $(intermediates)/property_contexts.tmp
@@ -386,7 +438,7 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
 general_property_contexts.tmp := $(intermediates)/general_property_contexts.tmp
-$(general_property_contexts.tmp): $(addprefix $(LOCAL_PATH)/, property_contexts)
+$(general_property_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, property_contexts)
 @mkdir -p $(dir $@)
 $(hide) m4 -s $< > $@
@@ -408,7 +460,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 include $(BUILD_SYSTEM)/base_rules.mk
-all_svc_files := $(call build_policy, service_contexts)
+all_svc_files := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))
 service_contexts.tmp := $(intermediates)/service_contexts.tmp
@@ -439,7 +491,7 @@ LOCAL_MODULE_TAGS := tests
 include $(BUILD_SYSTEM)/base_rules.mk
 general_service_contexts.tmp := $(intermediates)/general_service_contexts.tmp
-$(general_service_contexts.tmp): $(addprefix $(LOCAL_PATH)/, service_contexts)
+$(general_service_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, service_contexts)
 @mkdir -p $(dir $@)
 $(hide) m4 -s $< > $@
@@ -464,11 +516,11 @@ include $(BUILD_SYSTEM)/base_rules.mk
 # Build keys.conf
 mac_perms_keys.tmp := $(intermediates)/keys.tmp
 $(mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(mac_perms_keys.tmp): $(call build_policy, keys.conf)
+$(mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 @mkdir -p $(dir $@)
 $(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE))
+all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE), $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 # Should be synced with keys.conf.
 all_keys := platform media shared testkey
diff --git a/access_vectors b/private/access_vectors
similarity index 100%
rename from access_vectors
rename to private/access_vectors
diff --git a/private/adbd.te b/private/adbd.te
new file mode 100644
index 0000000000000000000000000000000000000000..cabaf66d536230fcb37132fe566b04516d73e40a
--- /dev/null
+++ b/private/adbd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(adbd, shell_exec, shell)
diff --git a/private/android_hardware_nfc_1_0_service.te b/private/android_hardware_nfc_1_0_service.te
new file mode 100644
index 0000000000000000000000000000000000000000..43368f8ad9d80bf31114da3a45802b07593ae6b6
--- /dev/null
+++ b/private/android_hardware_nfc_1_0_service.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_nfc_1_0_service)
diff --git a/atrace.te b/private/atrace.te
similarity index 100%
rename from atrace.te
rename to private/atrace.te
diff --git a/private/audioserver.te b/private/audioserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..64178583a63477ab3a71ee2307b3df8dd5fae701
--- /dev/null
+++ b/private/audioserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(audioserver)
diff --git a/private/autoplay_app.te b/private/autoplay_app.te
new file mode 100644
index 0000000000000000000000000000000000000000..2e0ec0e4d791dd0022c70c9501c528594db06fc5
--- /dev/null
+++ b/private/autoplay_app.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define and allow access to our own type for ashmem regions.
+# Label ashmem objects with our own unique type.
+tmpfs_domain(autoplay_app)
diff --git a/private/bluetooth.te b/private/bluetooth.te
new file mode 100644
index 0000000000000000000000000000000000000000..0abaee66b3d35dc0d00aae54f401cd26078fb714
--- /dev/null
+++ b/private/bluetooth.te
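Review bot: The two-line header comment introduced here in adbd.te, and repeated in almost every new private/*.te file in this change, reads as a single run-on sentence (`type_transition must be private policy the domain_trans rules could stay`), and in files such as autoplay_app.te it sits above a `tmpfs_domain` rule it does not describe. Since this text will be copied into every future private file, it is worth fixing once and propagating: `# type_transition rules must live in private policy; the domain_trans rules could stay public but conceptually belong next to the transition they enable.` For files that carry no transition at all, dropping the boilerplate and keeping only the file-specific comment would be clearer.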
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
diff --git a/private/bootanim.te b/private/bootanim.te
new file mode 100644
index 0000000000000000000000000000000000000000..94fbc1f4f67100c71b8ca2c5feb418d30b78c434
--- /dev/null
+++ b/private/bootanim.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootanim)
diff --git a/private/bootstat.te b/private/bootstat.te
new file mode 100644
index 0000000000000000000000000000000000000000..caa82fd62c17a7ca9346bec6871c15f3d1335f52
--- /dev/null
+++ b/private/bootstat.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootstat)
diff --git a/private/cameraserver.te b/private/cameraserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..b34d74608c49c3141e33f087e464308a122b9197
--- /dev/null
+++ b/private/cameraserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(cameraserver)
diff --git a/private/cppreopts.te b/private/cppreopts.te
new file mode 100644
index 0000000000000000000000000000000000000000..02c13b3a08b60fa0d8293162b162b0026e45ab23
--- /dev/null
+++ b/private/cppreopts.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
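Review bot: The last line of cppreopts.te, `domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);`, ends with a stray `;` that no other macro invocation in this change carries; the macro already terminates the rules it expands to, so the extra `;` is at best an empty statement and, depending on the checkpolicy grammar in use, possibly a parse complaint. Suggest `domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename)` for consistency with the other private files. The comment above it only explains the init transition; a short line on the second rule, e.g. `# cppreopts execs preopt2cachename, which runs in its own domain.`, would help a reader who is auditing what cppreopts can exec into.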
diff --git a/private/debuggerd.te b/private/debuggerd.te
new file mode 100644
index 0000000000000000000000000000000000000000..bd835af55c0e42a7e998035a90b952ce7c8923d8
--- /dev/null
+++ b/private/debuggerd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(debuggerd)
diff --git a/private/dhcp.te b/private/dhcp.te
new file mode 100644
index 0000000000000000000000000000000000000000..67451896eb89c1510cfb6f503f1195d6ed62519a
--- /dev/null
+++ b/private/dhcp.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/private/drmserver.te b/private/drmserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..340c454f859c16272ae2fb494f77505fcc8ffae1
--- /dev/null
+++ b/private/drmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(drmserver)
diff --git a/private/dumpstate.te b/private/dumpstate.te
new file mode 100644
index 0000000000000000000000000000000000000000..ad646f4bede38f5b64107965981a06ee7b94fa85
--- /dev/null
+++ b/private/dumpstate.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
diff --git a/file_contexts b/private/file_contexts
similarity index 100%
rename from file_contexts
rename to private/file_contexts
diff --git a/file_contexts_asan b/private/file_contexts_asan
similarity index 100%
rename from file_contexts_asan
rename to private/file_contexts_asan
diff --git a/private/fingerprintd.te b/private/fingerprintd.te
new file mode 100644
index 0000000000000000000000000000000000000000..a733cabd9d066dd2a28bb5f3bb5c0f3d7b0bc15d
--- /dev/null
+++ b/private/fingerprintd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fingerprintd)
diff --git a/fs_use b/private/fs_use
similarity index 100%
rename from fs_use
rename to private/fs_use
diff --git a/private/fsck.te b/private/fsck.te
new file mode 100644
index 0000000000000000000000000000000000000000..f3f4c52d2b6a1e05b74d6428ac322d65fa3d2df2
--- /dev/null
+++ b/private/fsck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fsck)
diff --git a/private/gatekeeperd.te b/private/gatekeeperd.te
new file mode 100644
index 0000000000000000000000000000000000000000..d050c2edfd71a9ba87ff915073317cd1dff1d498
--- /dev/null
+++ b/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(gatekeeperd)
diff --git a/genfs_contexts b/private/genfs_contexts
similarity index 100%
rename from genfs_contexts
rename to private/genfs_contexts
diff --git a/private/hci_attach.te b/private/hci_attach.te
new file mode 100644
index 0000000000000000000000000000000000000000..c8ba3f6b064dc500af65827997d8e1c11f30569f
--- /dev/null
+++ b/private/hci_attach.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hci_attach)
\ No newline at end of file
diff --git a/private/hostapd.te b/private/hostapd.te
new file mode 100644
index 0000000000000000000000000000000000000000..d895f2916499133ab3fdc4231f1ae0dc5857e8ba
--- /dev/null
+++ b/private/hostapd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hostapd)
diff --git a/private/hwservicemanager.te b/private/hwservicemanager.te
new file mode 100644
index 0000000000000000000000000000000000000000..e15d13db0bc0740c057b87af6fbbd4715a3af161
--- /dev/null
+++ b/private/hwservicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hwservicemanager)
diff --git a/private/init.te b/private/init.te
new file mode 100644
index 0000000000000000000000000000000000000000..c2354548b093d446c64dd53cc36219d4a6b48d5c
--- /dev/null
+++ b/private/init.te
@@ -0,0 +1,18 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, adbd)
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+recovery_only(`
+ domain_trans(init, rootfs, recovery)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, watchdogd)
+# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+userdebug_or_eng(`
+ domain_auto_trans(init, logcat_exec, logd)
+')
diff --git a/initial_sid_contexts b/private/initial_sid_contexts
similarity index 100%
rename from initial_sid_contexts
rename to private/initial_sid_contexts
diff --git a/initial_sids b/private/initial_sids
similarity index 100%
rename from initial_sids
rename to private/initial_sids
diff --git a/private/inputflinger.te b/private/inputflinger.te
new file mode 100644
index 0000000000000000000000000000000000000000..0d3782f40c0feccd400aa560c245e722ccadcb88
--- /dev/null
+++ b/private/inputflinger.te
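Review bot: In init.te, the `domain_trans(init, rootfs, adbd)`, `healthd`, `slideshow` and `recovery` lines are keyed on the generic `rootfs` label rather than a per-binary `*_exec` type, so as I read the macro they let init enter those domains from any rootfs-labelled executable, and the only thing that pins a particular binary to adbd (or healthd, slideshow, recovery) is the `seclabel` in the matching init.rc service, which this policy cannot check. The comment `# Transitions to seclabel processes in init.rc` hints at that; I'd make the contract explicit: `# Manual (non-auto) transitions: these binaries carry the plain rootfs label, so the target domain is chosen by the seclabel in init.rc, not by file label. Keep this list in sync with init.rc.` The same caveat applies to the `init_exec` lines for ueventd and watchdogd, which are presumably reached through init's own executable and likewise depend on init.rc for the choice of domain.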
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(inputflinger)
\ No newline at end of file
diff --git a/private/install_recovery.te b/private/install_recovery.te
new file mode 100644
index 0000000000000000000000000000000000000000..b9b402b568f25428b518e3c51ba1ade2bf28bc26
--- /dev/null
+++ b/private/install_recovery.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(install_recovery)
diff --git a/private/installd.te b/private/installd.te
new file mode 100644
index 0000000000000000000000000000000000000000..50b3821b890e84d7967d03584b0661096ccf1cbd
--- /dev/null
+++ b/private/installd.te
@@ -0,0 +1,12 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(installd)
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)
diff --git a/private/kernel.te b/private/kernel.te
new file mode 100644
index 0000000000000000000000000000000000000000..1c2223e57171d496c70ae61f40df9f4be713be13
--- /dev/null
+++ b/private/kernel.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(kernel, init_exec, init)
diff --git a/keys.conf b/private/keys.conf
similarity index 100%
rename from keys.conf
rename to private/keys.conf
diff --git a/private/keystore.te b/private/keystore.te
new file mode 100644
index 0000000000000000000000000000000000000000..70ad3b24dfef1e0d686f35d046a2b8c6c6fe31bb
--- /dev/null
+++ b/private/keystore.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(keystore)
diff --git a/private/lmkd.te b/private/lmkd.te
new file mode 100644
index 0000000000000000000000000000000000000000..a5d0d77568cde7061dde12f36dede567f3aeee79
--- /dev/null
+++ b/private/lmkd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(lmkd)
diff --git a/private/logd.te b/private/logd.te
new file mode 100644
index 0000000000000000000000000000000000000000..52600ac511c9dd4e124131354aa745590ccc251d
--- /dev/null
+++ b/private/logd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(logd)
diff --git a/mac_permissions.xml b/private/mac_permissions.xml
similarity index 100%
rename from mac_permissions.xml
rename to private/mac_permissions.xml
diff --git a/private/mdnsd.te b/private/mdnsd.te
new file mode 100644
index 0000000000000000000000000000000000000000..54659d1d1d1b94bd8edae3dc82f2f7101ca439a7
--- /dev/null
+++ b/private/mdnsd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mdnsd)
diff --git a/private/mediacodec.te b/private/mediacodec.te
new file mode 100644
index 0000000000000000000000000000000000000000..7f88433a101fd3d653fb04e98dfec647eb6dce96
--- /dev/null
+++ b/private/mediacodec.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediacodec)
diff --git a/private/mediadrmserver.te b/private/mediadrmserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..5a8e7446cdc5142fbbc773cb33b4c6b06833d8d7
--- /dev/null
+++ b/private/mediadrmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediadrmserver)
diff --git a/private/mediaextractor.te b/private/mediaextractor.te
new file mode 100644
index 0000000000000000000000000000000000000000..8596c1440a10415fa76c02c00e4d9a0047a7f498
--- /dev/null
+++ b/private/mediaextractor.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaextractor)
diff --git a/private/mediaserver.te b/private/mediaserver.te
new file mode 100644
index 0000000000000000000000000000000000000000..74b11b07b7021c5e84d27494cd5caa0959078074
--- /dev/null
+++ b/private/mediaserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaserver)
diff --git a/mls b/private/mls
similarity index 100%
rename from mls
rename to private/mls
diff --git a/mls_macros b/private/mls_macros
similarity index 100%
rename from mls_macros
rename to private/mls_macros
diff --git a/private/mtp.te b/private/mtp.te
new file mode 100644
index 0000000000000000000000000000000000000000..69e1353b0f7085730ec94b5fb37b9cf1e5c936a7
--- /dev/null
+++ b/private/mtp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mtp)
diff --git a/private/netd.te b/private/netd.te
new file mode 100644
index 0000000000000000000000000000000000000000..cc87dcbb45ce4218c6cc743a7d7223bdaf14d5fc
--- /dev/null
+++ b/private/netd.te
@@ -0,0 +1,9 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain
+domain_auto_trans(netd, clatd_exec, clatd)
diff --git a/private/otapreopt_chroot.te b/private/otapreopt_chroot.te
new file mode 100644
index 0000000000000000000000000000000000000000..8e54a790fc1dca67306535f6f766404b340673c3
--- /dev/null
+++ b/private/otapreopt_chroot.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
diff --git a/private/otapreopt_slot.te b/private/otapreopt_slot.te
new file mode 100644
index 0000000000000000000000000000000000000000..519c34274128ef5c68b18ccf3b5f233f9b8fd106
--- /dev/null
+++ b/private/otapreopt_slot.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)
diff --git a/perfprofd.te b/private/perfprofd.te
similarity index 100%
rename from perfprofd.te
rename to private/perfprofd.te
diff --git a/policy_capabilities b/private/policy_capabilities
similarity index 100%
rename from policy_capabilities
rename to private/policy_capabilities
diff --git a/port_contexts b/private/port_contexts
similarity index 100%
rename from port_contexts
rename to private/port_contexts
diff --git a/private/postinstall.te b/private/postinstall.te
new file mode 100644
index 0000000000000000000000000000000000000000..47bf320f3b7d9437a53da6a63b2581779e03d776
--- /dev/null
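Review bot: In otapreopt_chroot.te the comment `# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.` names a domain that does not appear in the rule beneath it; the transition target is `postinstall_dexopt`. Suggest `# Allow transition to postinstall_dexopt, to run otapreopt in its own sandbox.` It would also help to say in the same comment that the entrypoint is the generic `postinstall_file` type rather than a dedicated `*_exec` type, since that is unusual among the transitions in this change and postinstall_dexopt.te, which makes the same choice, at least explains it.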
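Review bot: The comment in otapreopt_slot.te is copied from cppreopts.te and still ends with `# cppreopts to occur.`, so it documents the wrong domain for the `init_daemon_domain(otapreopt_slot)` below it. Suggest `# Technically not a daemon but we do want the transition from init domain to` followed by `# otapreopt_slot to occur.`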
+++ b/private/postinstall.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
diff --git a/private/postinstall_dexopt.te b/private/postinstall_dexopt.te
new file mode 100644
index 0000000000000000000000000000000000000000..7596465aa8a1d747e278e723df518de60acaed2f
--- /dev/null
+++ b/private/postinstall_dexopt.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
diff --git a/private/ppp.te b/private/ppp.te
new file mode 100644
index 0000000000000000000000000000000000000000..befc20e5e012605601cc10b041727bcdd42ad384
--- /dev/null
+++ b/private/ppp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/property_contexts b/private/property_contexts
similarity index 100%
rename from property_contexts
rename to private/property_contexts
diff --git a/private/racoon.te b/private/racoon.te
new file mode 100644
index 0000000000000000000000000000000000000000..3eeb8151a3c87d7ccc48290efa038d817eccad0d
--- /dev/null
+++ b/private/racoon.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(racoon)
diff --git a/private/recovery_persist.te b/private/recovery_persist.te
new file mode 100644
index 0000000000000000000000000000000000000000..3b74629349897e5ef577f98ca221ec6f803bbf64
--- /dev/null
+++ b/private/recovery_persist.te
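Review bot: The only rule in ppp.te, `domain_auto_trans(mtp, ppp_exec, ppp)`, has `mtp` as its source domain, so someone auditing what `mtp` may exec into will look in private/mtp.te (which this change creates with only `init_daemon_domain(mtp)`) and not find it, while the generic header comment says nothing about why the rule lives here. Either move the line to private/mtp.te next to the init transition, or replace the boilerplate with `# mtp execs ppp_exec; kept here because ppp is the target domain of the transition.`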
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_persist)
diff --git a/private/recovery_refresh.te b/private/recovery_refresh.te
new file mode 100644
index 0000000000000000000000000000000000000000..8204465d28cebf22c94bfc5073fcd432c2d8e060
--- /dev/null
+++ b/private/recovery_refresh.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_refresh)
diff --git a/private/rild.te b/private/rild.te
new file mode 100644
index 0000000000000000000000000000000000000000..ac6a05d3616ed479d28b2c713f90e2e6771c7506
--- /dev/null
+++ b/private/rild.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(rild)
diff --git a/roles b/private/roles
similarity index 100%
rename from roles
rename to private/roles
diff --git a/private/runas.te b/private/runas.te
new file mode 100644
index 0000000000000000000000000000000000000000..d791501b346372cf3d8941939011dd221b1949b8
--- /dev/null
+++ b/private/runas.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)
diff --git a/private/sdcardd.te b/private/sdcardd.te
new file mode 100644
index 0000000000000000000000000000000000000000..55915fed71432a6282c837b5c55e583ce9daaf3b
--- /dev/null
+++ b/private/sdcardd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/seapp_contexts b/private/seapp_contexts
similarity index 100%
rename from seapp_contexts
rename to private/seapp_contexts
diff --git a/security_classes b/private/security_classes
similarity index 100%
rename from security_classes
rename to private/security_classes
diff --git a/service_contexts b/private/service_contexts
similarity index 100%
rename from service_contexts
rename to private/service_contexts
diff --git a/private/servicemanager.te b/private/servicemanager.te
new file mode 100644
index 0000000000000000000000000000000000000000..1514b0f3773e8646b6a3957475f441a4f346efa1
--- /dev/null
+++ b/private/servicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(servicemanager)
diff --git a/su.te b/private/su.te
similarity index 100%
rename from su.te
rename to private/su.te
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
new file mode 100644
index 0000000000000000000000000000000000000000..ae8ab08e4396d8e2ed062b16ae2a0d4f269df433
--- /dev/null
+++ b/private/surfaceflinger.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(surfaceflinger)
diff --git a/private/system_server.te b/private/system_server.te
new file mode 100644
index 0000000000000000000000000000000000000000..bab3d725f630c59dba451ddb14b8234beccd6d78
--- /dev/null
+++ b/private/system_server.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+# Create a socket for connections from debuggerd.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
diff --git a/private/tee.te b/private/tee.te
new file mode 100644
index 0000000000000000000000000000000000000000..17b276fdd28eb30ae8457fcab26251cb521533b1
--- /dev/null
+++ b/private/tee.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tee)
diff --git a/private/toolbox.te b/private/toolbox.te
new file mode 100644
index 0000000000000000000000000000000000000000..fd43d5ee6cbf414864e8c2e65a66fdb04ad35b29
--- /dev/null
+++ b/private/toolbox.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(toolbox)
diff --git a/private/tzdatacheck.te b/private/tzdatacheck.te
new file mode 100644
index 0000000000000000000000000000000000000000..ee67bb2e59ff8efb67bf9fe213a8e52edb5e36c9
--- /dev/null
+++ b/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tzdatacheck)
diff --git a/private/ueventd.te b/private/ueventd.te
new file mode 100644
index 0000000000000000000000000000000000000000..5034db7f9b49361c01611b9dce93ff9260c8c557
--- /dev/null
+++ b/private/ueventd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(ueventd)
diff --git a/private/uncrypt.te b/private/uncrypt.te
new file mode 100644
index 0000000000000000000000000000000000000000..e2b919c74bc7c202662cedfdc7f6770032d2273e
--- /dev/null
+++ b/private/uncrypt.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(uncrypt)
diff --git a/private/update_engine.te b/private/update_engine.te
new file mode 100644
index 0000000000000000000000000000000000000000..01199ebb2b70f22bd1dc78e67a04789b8b790e84
--- /dev/null
+++ b/private/update_engine.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_engine);
diff --git a/private/update_engine_common.te b/private/update_engine_common.te
new file mode 100644
index 0000000000000000000000000000000000000000..a7fb584717a67896ed22a205fa55f229846812e7
--- /dev/null
+++ b/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)
diff --git a/private/update_verifier.te b/private/update_verifier.te
new file mode 100644
index 0000000000000000000000000000000000000000..c5f110b6cf5ea82158a957aa95880fbfc136cce3
--- /dev/null
+++ b/private/update_verifier.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_verifier)
diff --git a/users b/private/users
similarity index 100%
rename from users
rename to private/users
diff --git a/private/vdc.te b/private/vdc.te
new file mode 100644
index 0000000000000000000000000000000000000000..877e9133123bac2fe5d66bc393a4095e16f3c8af
--- /dev/null
+++ b/private/vdc.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vdc)
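Review bot: `init_daemon_domain(update_engine);` in private/update_engine.te carries a trailing semicolon that none of the other init_daemon_domain invocations in this change have; the macro already expands to complete statements, so the `;` is a stray token (vold.te in this same change uses the form too, so it evidently compiles, but it is noise that invites copy-paste). Suggest `init_daemon_domain(update_engine)` for consistency with the sibling private files.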
diff --git a/private/vold.te b/private/vold.te
new file mode 100644
index 0000000000000000000000000000000000000000..b2495f688342e3aec67aca2418d012635e75bf1d
--- /dev/null
+++ b/private/vold.te
@@ -0,0 +1,19 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, shell_exec, blkid);
+domain_trans(vold, shell_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
diff --git a/private/wifi_hal_legacy.te b/private/wifi_hal_legacy.te
new file mode 100644
index 0000000000000000000000000000000000000000..cb2c6dab56008f0cf8fc1294e0a0899fe808e7a0
--- /dev/null
+++ b/private/wifi_hal_legacy.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wifi_hal_legacy)
diff --git a/private/wificond.te b/private/wificond.te
new file mode 100644
index 0000000000000000000000000000000000000000..2e89975d0724277ae8927ebc8b82613135905538
--- /dev/null
+++ b/private/wificond.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wificond)
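Review bot: The four `domain_trans(vold, ...)` rules in private/vold.te intentionally omit the type_transition that domain_auto_trans would add, because blkid/blkid_untrusted share shell_exec and fsck/fsck_untrusted share fsck_exec, so the kernel cannot pick the child domain and vold has to request it itself; the comment says vold "chooses" but not that this is why the weaker macro is used, and a later cleanup could "upgrade" these to domain_auto_trans, which would be ambiguous with two targets per exec type. Suggest adding above them `# No type_transition here: two target domains share each exec type, so vold must select the child domain explicitly (e.g. setexeccon) before exec.` The two `domain_auto_trans(...);` lines also carry trailing semicolons that the rest of this file and the other new private files do not.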
diff --git a/private/wpa.te b/private/wpa.te
new file mode 100644
index 0000000000000000000000000000000000000000..4bf29cfb50d19f37cd22402406864360e76516c3
--- /dev/null
+++ b/private/wpa.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wpa)
+
+# Create a socket for receiving info from wpa
+type_transition wpa wifi_data_file:dir wpa_socket "sockets";
diff --git a/private/zygote.te b/private/zygote.te
new file mode 100644
index 0000000000000000000000000000000000000000..bab15c7a80caa649312ecbbfe53e97c8df55f574
--- /dev/null
+++ b/private/zygote.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(zygote)
diff --git a/adbd.te b/public/adbd.te
similarity index 98%
rename from adbd.te
rename to public/adbd.te
index 45bed8e590d3a537df6a040b8fd0778434e6b179..450bc1da3ee0d9b7dc284f94066e97e052dd0796 100644
--- a/adbd.te
+++ b/public/adbd.te
@@ -7,8 +7,6 @@ userdebug_or_eng(`
 allow adbd su:process dyntransition;
 ')
-domain_auto_trans(adbd, shell_exec, shell)
-
 # Do not sanitize the environment or open fds of the shell. Allow signaling
 # created processes.
 allow adbd shell:process { noatsecure signal };
diff --git a/android_hardware_nfc_1_0_service.te b/public/android_hardware_nfc_1_0_service.te
similarity index 89%
rename from android_hardware_nfc_1_0_service.te
rename to public/android_hardware_nfc_1_0_service.te
index f980da43b63bcbe1838105ebd59e23c5b3216fea..79da53b785bc8e96d610f6c3d0c4bce63436419b 100644
--- a/android_hardware_nfc_1_0_service.te
+++ b/public/android_hardware_nfc_1_0_service.te
@@ -2,9 +2,6 @@ type android_hardware_nfc_1_0_service, domain;
 type android_hardware_nfc_1_0_service_exec, exec_type, file_type;
-# may be started by init
-init_daemon_domain(android_hardware_nfc_1_0_service)
-
 # hwbinder access
 hwbinder_use(android_hardware_nfc_1_0_service)
diff --git a/app.te b/public/app.te
similarity index 100%
rename from app.te
rename to public/app.te
diff --git a/attributes b/public/attributes
similarity index 100%
rename from attributes
rename to public/attributes
diff --git a/audioserver.te b/public/audioserver.te
similarity index 98%
rename from audioserver.te
rename to public/audioserver.te
index da12649e303b305b749b5f264490fb38efb89eab..dab4ea54c850556e0ae7c77aa82b101050221afa 100644
--- a/audioserver.te
+++ b/public/audioserver.te
@@ -2,8 +2,6 @@ type audioserver, domain;
 type audioserver_exec, exec_type, file_type;
-init_daemon_domain(audioserver)
-
 r_dir_file(audioserver, sdcard_type)
 binder_use(audioserver)
diff --git a/autoplay_app.te b/public/autoplay_app.te
similarity index 96%
rename from autoplay_app.te
rename to public/autoplay_app.te
index f671d5d379a463ea72e3fdd2e9b8cf64bda59af5..5fe1000be0a863e86d6f04c40e8ec894b93f902b 100644
--- a/autoplay_app.te
+++ b/public/autoplay_app.te
@@ -16,9 +16,6 @@ type autoplay_app, domain;
 allow autoplay_app self:process execmem;
 allow autoplay_app ashmem_device:chr_file execute;
-# Define and allow access to our own type for ashmem regions.
-# Label ashmem objects with our own unique type.
-tmpfs_domain(autoplay_app)
 # Map with PROT_EXEC.
 allow autoplay_app autoplay_app_tmpfs:file execute;
diff --git a/binderservicedomain.te b/public/binderservicedomain.te
similarity index 100%
rename from binderservicedomain.te
rename to public/binderservicedomain.te
diff --git a/blkid.te b/public/blkid.te
similarity index 100%
rename from blkid.te
rename to public/blkid.te
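Review bot: After this hunk public/autoplay_app.te still contains `allow autoplay_app autoplay_app_tmpfs:file execute;`, but the `tmpfs_domain(autoplay_app)` that declares the `autoplay_app_tmpfs` type has been taken out of the public file. Under the split described in Android.mk, public policy is what vendor policy authors see and build against and private policy "may not be assumed to exist", so a public rule that depends on a type declared only privately (presumably in a private/autoplay_app.te outside this view) breaks that contract and would not resolve if the public half were ever compiled on its own. Either keep `tmpfs_domain(autoplay_app)` public, or move the execute rule and its `# Map with PROT_EXEC.` comment into the private file next to the macro.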
diff --git a/blkid_untrusted.te b/public/blkid_untrusted.te
similarity index 100%
rename from blkid_untrusted.te
rename to public/blkid_untrusted.te
diff --git a/bluetooth.te b/public/bluetooth.te
similarity index 97%
rename from bluetooth.te
rename to public/bluetooth.te
index d8448a6d9ffa5915cd170d8d06327d2e950f1a3d..332d2ab3c0db2949add245d0e55c94ff265a3da4 100644
--- a/bluetooth.te
+++ b/public/bluetooth.te
@@ -14,7 +14,6 @@ allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
 allow bluetooth bluetooth_logs_data_file:file create_file_perms;
 # Socket creation under /data/misc/bluedroid.
-type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
 allow bluetooth bluetooth_socket:sock_file create_file_perms;
 # bluetooth factory file accesses.
diff --git a/bluetoothdomain.te b/public/bluetoothdomain.te
similarity index 100%
rename from bluetoothdomain.te
rename to public/bluetoothdomain.te
diff --git a/boot_control_hal.te b/public/boot_control_hal.te
similarity index 100%
rename from boot_control_hal.te
rename to public/boot_control_hal.te
diff --git a/bootanim.te b/public/bootanim.te
similarity index 96%
rename from bootanim.te
rename to public/bootanim.te
index e18654c2c93b6b217b45b7b482f3801f5b6a7d7c..abbcacac7694c7f3c83eeaf3cf7f83b900b6d5f1 100644
--- a/bootanim.te
+++ b/public/bootanim.te
@@ -2,8 +2,6 @@ type bootanim, domain;
 type bootanim_exec, exec_type, file_type;
-init_daemon_domain(bootanim)
-
 binder_use(bootanim)
 binder_call(bootanim, surfaceflinger)
 binder_call(bootanim, audioserver)
diff --git a/bootstat.te b/public/bootstat.te
similarity index 91%
rename from bootstat.te
rename to public/bootstat.te
index 44a8c91b87d56184975ce914249b017d81f5bb40..82d730ccb2a82304d9815ffdaa753ae5659b78ad 100644
--- a/bootstat.te
+++ b/public/bootstat.te
@@ -2,8 +2,6 @@ type bootstat, domain;
 type bootstat_exec, exec_type, file_type;
-init_daemon_domain(bootstat)
-
 # Allow persistent storage in /data/misc/bootstat.
 allow bootstat bootstat_data_file:dir rw_dir_perms;
 allow bootstat bootstat_data_file:file create_file_perms;
diff --git a/cameraserver.te b/public/cameraserver.te
similarity index 97%
rename from cameraserver.te
rename to public/cameraserver.te
index c12b1a2f84eb61d89460ca6ea86ae1c668b5f91e..b12d17cc4ee017b3b60286ae33b9e762535fb13f 100644
--- a/cameraserver.te
+++ b/public/cameraserver.te
@@ -2,8 +2,6 @@ type cameraserver, domain;
 type cameraserver_exec, exec_type, file_type;
-init_daemon_domain(cameraserver)
-
 binder_use(cameraserver)
 binder_call(cameraserver, binderservicedomain)
 binder_call(cameraserver, appdomain)
diff --git a/clatd.te b/public/clatd.te
similarity index 100%
rename from clatd.te
rename to public/clatd.te
diff --git a/cppreopts.te b/public/cppreopts.te
similarity index 80%
rename from cppreopts.te
rename to public/cppreopts.te
index 66df7eea4148c577faf580547d08f35f4eded281..8cbf8018728192c988294be60b22632ec9da157d 100644
--- a/cppreopts.te
+++ b/public/cppreopts.te
@@ -7,12 +7,6 @@ type cppreopts, domain, mlstrustedsubject;
 type cppreopts_exec, exec_type, file_type;
-# Technically not a daemon but we do want the transition from init domain to
-# cppreopts to occur.
-init_daemon_domain(cppreopts)
-
-domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
-
 # Allow cppreopts copy files into the dalvik-cache
 allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
 allow cppreopts dalvikcache_data_file:file { create getattr open read rename write };
diff --git a/debuggerd.te b/public/debuggerd.te
similarity index 98%
rename from debuggerd.te
rename to public/debuggerd.te
index 80d3f5c6c85cb276d8463bdde95d7a418e4cffdf..da1314a04e56b415deb7f6453e0a41531300013a 100644
--- a/debuggerd.te
+++ b/public/debuggerd.te
@@ -2,7 +2,6 @@ type debuggerd, domain, domain_deprecated;
 type debuggerd_exec, exec_type, file_type;
-init_daemon_domain(debuggerd)
 typeattribute debuggerd mlstrustedsubject;
 allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner setuid setgid };
 allow debuggerd self:capability2 { syslog };
diff --git a/device.te b/public/device.te
similarity index 100%
rename from device.te
rename to public/device.te
diff --git a/dex2oat.te b/public/dex2oat.te
similarity index 100%
rename from dex2oat.te
rename to public/dex2oat.te
diff --git a/dhcp.te b/public/dhcp.te
similarity index 92%
rename from dhcp.te
rename to public/dhcp.te
index a051b192d11d4a21157558957f2c9959d2b46068..6b9fb4ad11fd47d19b304d4c85613e9609bba558 100644
--- a/dhcp.te
+++ b/public/dhcp.te
@@ -2,7 +2,6 @@ type dhcp, domain, domain_deprecated;
 type dhcp_exec, exec_type, file_type;
 type dhcp_data_file, file_type, data_file_type;
-init_daemon_domain(dhcp)
 net_domain(dhcp)
 allow dhcp cgroup:dir { create write add_name };
@@ -21,7 +20,6 @@ allow dhcp proc_net:file write;
 set_prop(dhcp, dhcp_prop)
 set_prop(dhcp, pan_result_prop)
-type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
 allow dhcp dhcp_data_file:dir create_dir_perms;
 allow dhcp dhcp_data_file:file create_file_perms;
diff --git a/dnsmasq.te b/public/dnsmasq.te
similarity index 100%
rename from dnsmasq.te
rename to public/dnsmasq.te
diff --git a/domain.te b/public/domain.te
similarity index 100%
rename from domain.te
rename to public/domain.te
diff --git a/domain_deprecated.te b/public/domain_deprecated.te
similarity index 100%
rename from domain_deprecated.te
rename to public/domain_deprecated.te
diff --git a/drmserver.te b/public/drmserver.te
similarity index 98%
rename from drmserver.te
rename to public/drmserver.te
index d0adf46153d42c2ca276cfa20cedc4b42a4d0064..66cc432bdc2c00d8c2de630cc05df6154338f034 100644
--- a/drmserver.te
+++ b/public/drmserver.te
@@ -2,7 +2,6 @@ type drmserver, domain;
 type drmserver_exec, exec_type, file_type;
-init_daemon_domain(drmserver)
 typeattribute drmserver mlstrustedsubject;
 net_domain(drmserver)
diff --git a/dumpstate.te b/public/dumpstate.te
similarity index 98%
rename from dumpstate.te
rename to public/dumpstate.te
index 9f3370e396350be658e189becdcfa553715dc09b..17764c30e0bd9313b0f65eb23c6a14ba54a1ba74 100644
--- a/dumpstate.te
+++ b/public/dumpstate.te
@@ -2,7 +2,6 @@ type dumpstate, domain, domain_deprecated, mlstrustedsubject;
 type dumpstate_exec, exec_type, file_type;
-init_daemon_domain(dumpstate)
 net_domain(dumpstate)
 binder_use(dumpstate)
 wakelock_use(dumpstate)
@@ -80,9 +79,6 @@ allow dumpstate {
 surfaceflinger
 }:debuggerd dump_backtrace;
-# Execute and transition to the vdc domain
-domain_auto_trans(dumpstate, vdc_exec, vdc)
-
 # Vibrate the device after we're done collecting the bugreport
 # /sys/class/timed_output/vibrator/enable
 # TODO: create a new file class, instead of allowing write access to all of /sys
diff --git a/file.te b/public/file.te
similarity index 100%
rename from file.te
rename to public/file.te
diff --git a/fingerprintd.te b/public/fingerprintd.te
similarity index 94%
rename from fingerprintd.te
rename to public/fingerprintd.te
index 09d39b187d179d04620420b6bbc98e3a20f02032..b541e34ef49da73ad05802c2589ab22377be58f4 100644
--- a/fingerprintd.te
+++ b/public/fingerprintd.te
@@ -1,8 +1,6 @@
 type fingerprintd, domain, domain_deprecated;
 type fingerprintd_exec, exec_type, file_type;
-# fingerprintd
-init_daemon_domain(fingerprintd)
 binder_use(fingerprintd)
 # need to find KeyStore and add self
diff --git a/fsck.te b/public/fsck.te
similarity index 98%
rename from fsck.te
rename to public/fsck.te
index 9f372ce257170b0828498bf75be1ae1c0b9340e8..bdbbd33354d36d0f5e446b4364ea4d202598916a 100644
--- a/fsck.te
+++ b/public/fsck.te
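Review bot: The removed `domain_auto_trans(dumpstate, vdc_exec, vdc)` in the second dumpstate hunk has no visible counterpart on the private side: private/vdc.te in this change carries only `init_daemon_domain(vdc)`, so unless a private/dumpstate.te outside this view re-adds the rule, dumpstate loses its transition into the vdc domain and the vdc it runs during a bugreport would presumably be denied exec or end up in dumpstate's own domain. Please name the file that now owns this rule, or add `domain_auto_trans(dumpstate, vdc_exec, vdc)` to private/dumpstate.te with the `# Execute and transition to the vdc domain` comment moved along with it. The multi-line `allow dumpstate { ... }:debuggerd dump_backtrace;` block that precedes the removal starts before this hunk.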
@@ -2,8 +2,6 @@ type fsck, domain, domain_deprecated;
 type fsck_exec, exec_type, file_type;
-init_daemon_domain(fsck)
-
 # /dev/__null__ created by init prior to policy load,
 # open fd inherited by fsck.
 allow fsck tmpfs:chr_file { read write ioctl };
diff --git a/fsck_untrusted.te b/public/fsck_untrusted.te
similarity index 100%
rename from fsck_untrusted.te
rename to public/fsck_untrusted.te
diff --git a/gatekeeperd.te b/public/gatekeeperd.te
similarity index 97%
rename from gatekeeperd.te
rename to public/gatekeeperd.te
index bc4fe81b447d3853b601a468ffe768d436670d34..13d2db729312d85b29c5a2763b99f945245caaaa 100644
--- a/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -2,7 +2,6 @@ type gatekeeperd, domain;
 type gatekeeperd_exec, exec_type, file_type;
 # gatekeeperd
-init_daemon_domain(gatekeeperd)
 binder_service(gatekeeperd)
 binder_use(gatekeeperd)
 allow gatekeeperd tee_device:chr_file rw_file_perms;
diff --git a/global_macros b/public/global_macros
similarity index 100%
rename from global_macros
rename to public/global_macros
diff --git a/hci_attach.te b/public/hci_attach.te
similarity index 90%
rename from hci_attach.te
rename to public/hci_attach.te
index 543cae1a0096846f3a6f37312ade7d8b4bc3b98a..04b6113e13ffd13d413b887c6d0c5c601fa3820e 100644
--- a/hci_attach.te
+++ b/public/hci_attach.te
@@ -1,8 +1,6 @@
 type hci_attach, domain, domain_deprecated;
 type hci_attach_exec, exec_type, file_type;
-init_daemon_domain(hci_attach)
-
 allow hci_attach kernel:system module_request;
 allow hci_attach hci_attach_dev:chr_file rw_file_perms;
 allow hci_attach bluetooth_efs_file:dir r_dir_perms;
diff --git a/healthd.te b/public/healthd.te
similarity index 100%
rename from healthd.te
rename to public/healthd.te
diff --git a/hostapd.te b/public/hostapd.te
similarity index 97%
rename from hostapd.te
rename to public/hostapd.te
index 62f9cc72687567dba9221a9701c6243b47bf9f16..b40bdc84a50d9dd39c527c33430183e6be4df904 100644
--- a/hostapd.te
+++ b/public/hostapd.te
@@ -2,7 +2,7 @@ type hostapd, domain;
 type hostapd_exec, exec_type, file_type;
-init_daemon_domain(hostapd)
+
 net_domain(hostapd)
 allow hostapd self:capability { net_admin net_raw };
diff --git a/hwservicemanager.te b/public/hwservicemanager.te
similarity index 95%
rename from hwservicemanager.te
rename to public/hwservicemanager.te
index 649e2b8f6f6666c4af64e047618f5e34ee2cdd92..cbb47e525c8392366c687a24925688a8dc6a6d11 100644
--- a/hwservicemanager.te
+++ b/public/hwservicemanager.te
@@ -2,8 +2,6 @@ type hwservicemanager, domain, mlstrustedsubject;
 type hwservicemanager_exec, exec_type, file_type;
-init_daemon_domain(hwservicemanager)
-
 # Note that we do not use the binder_* macros here.
 # hwservicemanager only provides name service (aka context manager)
 # for Binder.
diff --git a/idmap.te b/public/idmap.te
similarity index 100%
rename from idmap.te
rename to public/idmap.te
diff --git a/init.te b/public/init.te
similarity index 96%
rename from init.te
rename to public/init.te
index 1512d0b4c52e3ffe5e4bf3d980b086528e455011..16bafc31df4e94b5420e15ec68e079ac2bcdf4e5 100644
--- a/init.te
+++ b/public/init.te
@@ -1,6 +1,5 @@
 # init is its own domain.
 type init, domain, domain_deprecated, mlstrustedsubject;
-tmpfs_domain(init)
 # The init domain is entered by execing init.
 type init_exec, exec_type, file_type;
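Review bot: In public/hostapd.te the `-init_daemon_domain(hostapd)` line is replaced by an added empty line (`+`) rather than deleted outright, which is what every other init_daemon_domain removal in this change does (mtp.te, mdnsd.te, netd.te); the result is a file with a spare blank line between the type declarations and `net_domain(hostapd)`. Drop the `+` line so the hunk becomes `-2,7 +2,6` like its siblings.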
@@ -224,21 +223,6 @@ allow init sysfs_type:dir r_dir_perms;
 allow init sysfs_type:lnk_file read;
 allow init sysfs_type:file rw_file_perms;
-# Transitions to seclabel processes in init.rc
-domain_trans(init, rootfs, adbd)
-domain_trans(init, rootfs, healthd)
-domain_trans(init, rootfs, slideshow)
-recovery_only(`
- domain_trans(init, rootfs, recovery)
-')
-domain_trans(init, shell_exec, shell)
-domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
-# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
-userdebug_or_eng(`
- domain_auto_trans(init, logcat_exec, logd)
-')
-
 # Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
 # Init will also walk through the directory as part of a recursive restorecon.
 allow init misc_logd_file:dir { open create read getattr setattr search };
diff --git a/inputflinger.te b/public/inputflinger.te
similarity index 93%
rename from inputflinger.te
rename to public/inputflinger.te
index b6a5f0b2173560e8684c734731be36f016ac45fc..bee392facdf97b324db1cd5692291088481ba054 100644
--- a/inputflinger.te
+++ b/public/inputflinger.te
@@ -2,7 +2,6 @@ type inputflinger, domain, domain_deprecated;
 type inputflinger_exec, exec_type, file_type;
-init_daemon_domain(inputflinger)
 binder_use(inputflinger)
 binder_service(inputflinger)
diff --git a/install_recovery.te b/public/install_recovery.te
similarity index 96%
rename from install_recovery.te
rename to public/install_recovery.te
index b11ff7497a4c7362522212aa2c4f1925aa10e502..132b03da85b9989767fedf9fb795ce2d0325a3f8 100644
--- a/install_recovery.te
+++ b/public/install_recovery.te
@@ -2,8 +2,6 @@ type install_recovery, domain, domain_deprecated;
 type install_recovery_exec, exec_type, file_type;
-init_daemon_domain(install_recovery)
-
 allow install_recovery self:capability dac_override;
 # /system/bin/install-recovery.sh is a shell script.
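Review bot: The block removed from public/init.te contains two build-conditional transitions, `recovery_only(` ... `domain_trans(init, rootfs, recovery)` ... `')` and `userdebug_or_eng(` ... `domain_auto_trans(init, logcat_exec, logd)` ... `')`, and whichever private file now carries them (not visible in this chunk) must keep those wrappers: an unguarded `domain_auto_trans(init, logcat_exec, logd)` would give user builds an automatic init -> logd transition on logcat that today exists only on userdebug/eng. The private copy should say why the guard is there, e.g. `# userdebug/eng only: logpersistd is logcat -f running in the logd domain; never enable on user builds.` The same removal covers the seclabel'd init.rc services (adbd, healthd, slideshow, shell, ueventd, watchdogd), so the two lists are worth diffing line by line rather than trusting the move.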
diff --git a/installd.te b/public/installd.te
similarity index 94%
rename from installd.te
rename to public/installd.te
index 317ae7cea99f4ca424bedd5d6fb2a6930e8a71f6..ead36c17e7392f4031c6ba1952e85dd862d131f5 100644
--- a/installd.te
+++ b/public/installd.te
@@ -1,8 +1,6 @@
 # installer daemon
 type installd, domain, domain_deprecated;
 type installd_exec, exec_type, file_type;
-
-init_daemon_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
@@ -64,15 +62,6 @@ allow installd dalvikcache_data_file:file create_file_perms;
 allow installd resourcecache_data_file:dir rw_dir_perms;
 allow installd resourcecache_data_file:file create_file_perms;
-# Run dex2oat in its own sandbox.
-domain_auto_trans(installd, dex2oat_exec, dex2oat)
-
-# Run profman in its own sandbox.
-domain_auto_trans(installd, profman_exec, profman)
-
-# Run idmap in its own sandbox.
-domain_auto_trans(installd, idmap_exec, idmap)
-
 # Upgrade from unlabeled userdata.
 # Just need enough to remove and/or relabel it.
 allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir };
diff --git a/ioctl_defines b/public/ioctl_defines
similarity index 100%
rename from ioctl_defines
rename to public/ioctl_defines
diff --git a/ioctl_macros b/public/ioctl_macros
similarity index 100%
rename from ioctl_macros
rename to public/ioctl_macros
diff --git a/isolated_app.te b/public/isolated_app.te
similarity index 100%
rename from isolated_app.te
rename to public/isolated_app.te
diff --git a/kernel.te b/public/kernel.te
similarity index 98%
rename from kernel.te
rename to public/kernel.te
index 3608a10200a4c4f279f9d149e1ff98b05965ba3e..556904c1f707003d8d1a2b6a319dc95d3ca65ceb 100644
--- a/kernel.te
+++ b/public/kernel.te
@@ -67,8 +67,6 @@ userdebug_or_eng(`
 allow kernel nativetest_data_file:file read;
 ')
-domain_auto_trans(kernel, init_exec, init)
-
 # Access to /data/media.
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
diff --git a/keystore.te b/public/keystore.te
similarity index 97%
rename from keystore.te
rename to public/keystore.te
index 3d7bd9210b975075af517797d6a9b78c5b8d0ae6..42150176ae459d93aa961909639fee95ffbc7228 100644
--- a/keystore.te
+++ b/public/keystore.te
@@ -2,7 +2,6 @@ type keystore, domain, domain_deprecated;
 type keystore_exec, exec_type, file_type;
 # keystore daemon
-init_daemon_domain(keystore)
 typeattribute keystore mlstrustedsubject;
 binder_use(keystore)
 binder_service(keystore)
diff --git a/lmkd.te b/public/lmkd.te
similarity index 97%
rename from lmkd.te
rename to public/lmkd.te
index 5302bcd56d04bed26bbc5d33ef97d2b584c513f6..316036f030bacab60093a1388b50f4c350fb2432 100644
--- a/lmkd.te
+++ b/public/lmkd.te
@@ -2,8 +2,6 @@ type lmkd, domain, domain_deprecated, mlstrustedsubject;
 type lmkd_exec, exec_type, file_type;
-init_daemon_domain(lmkd)
-
 allow lmkd self:capability { dac_override sys_resource kill };
 # lmkd locks itself in memory, to prevent it from being
diff --git a/logd.te b/public/logd.te
similarity index 98%
rename from logd.te
rename to public/logd.te
index c9072f381ed2db92cac745d8cf87550450ca8f5e..1171ebf26ced44b04ba04f4c343f8c02c9eca287 100644
--- a/logd.te
+++ b/public/logd.te
@@ -2,8 +2,6 @@ type logd, domain, mlstrustedsubject;
 type logd_exec, exec_type, file_type;
-init_daemon_domain(logd)
-
 # Read access to pseudo filesystems.
 r_dir_file(logd, cgroup)
 r_dir_file(logd, proc)
diff --git a/mdnsd.te b/public/mdnsd.te
similarity index 86%
rename from mdnsd.te
rename to public/mdnsd.te
index a9dc7c56578916b182ee0ee3c25e5e3943143b7f..c32b433c9664f1cc10aa0f1aadd3e5af028e0f29 100644
--- a/mdnsd.te
+++ b/public/mdnsd.te
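Review bot: `domain_auto_trans(kernel, init_exec, init)` is removed from public/kernel.te with no replacement visible in this chunk; this is the transition that takes PID 1 out of the kernel domain, so if the private counterpart (presumably a private/kernel.te outside this view) does not carry it, init and everything it spawns would stay in the kernel domain. Since the public file no longer shows why this rule exists, the private copy deserves a why-comment, e.g. `# Root of the domain tree: without this rule init runs in the kernel domain.` The `userdebug_or_eng(` block that precedes the removal starts before this hunk.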
@@ -2,7 +2,6 @@
 type mdnsd, domain, mlstrustedsubject;
 type mdnsd_exec, exec_type, file_type;
-init_daemon_domain(mdnsd)
 net_domain(mdnsd)
 # Read from /proc/net
diff --git a/mediacodec.te b/public/mediacodec.te
similarity index 96%
rename from mediacodec.te
rename to public/mediacodec.te
index 3d3625ab73b1077a839d5fc6edfc847fb56d2a59..0b562c12e3e6fbc88bde79a6078ca6268ca57ed7 100644
--- a/mediacodec.te
+++ b/public/mediacodec.te
@@ -4,8 +4,6 @@ type mediacodec_exec, exec_type, file_type;
 typeattribute mediacodec mlstrustedsubject;
-init_daemon_domain(mediacodec)
-
 binder_use(mediacodec)
 binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)
diff --git a/mediadrmserver.te b/public/mediadrmserver.te
similarity index 98%
rename from mediadrmserver.te
rename to public/mediadrmserver.te
index d9368ad3735203fd6a0b078533c34e6e202d87f6..db8e082f35b39db6c2d6fa5b0fd89c3a0e6ae672 100644
--- a/mediadrmserver.te
+++ b/public/mediadrmserver.te
@@ -5,8 +5,6 @@ type mediadrmserver_exec, exec_type, file_type;
 typeattribute mediadrmserver mlstrustedsubject;
 net_domain(mediadrmserver)
-init_daemon_domain(mediadrmserver)
-
 binder_use(mediadrmserver)
 binder_call(mediadrmserver, binderservicedomain)
 binder_call(mediadrmserver, appdomain)
diff --git a/mediaextractor.te b/public/mediaextractor.te
similarity index 95%
rename from mediaextractor.te
rename to public/mediaextractor.te
index fe874479d577f651c9c7cca90c1a76bee2f3754a..ec0ce31a7978d690f9f90f24cd007c53c52e832c 100644
--- a/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -4,8 +4,6 @@ type mediaextractor_exec, exec_type, file_type;
 typeattribute mediaextractor mlstrustedsubject;
-init_daemon_domain(mediaextractor)
-
 binder_use(mediaextractor)
 binder_call(mediaextractor, binderservicedomain)
 binder_call(mediaextractor, appdomain)
diff --git a/mediaserver.te b/public/mediaserver.te
similarity index 99%
rename from mediaserver.te
rename to public/mediaserver.te
index e55c778e90ef08e43fc489afaf953d6a95dc8bcc..9e062b809943fb193e5a0e34f1b1745a12b81e3d 100644
--- a/mediaserver.te
+++ b/public/mediaserver.te
@@ -5,7 +5,6 @@ type mediaserver_exec, exec_type, file_type;
 typeattribute mediaserver mlstrustedsubject;
 net_domain(mediaserver)
-init_daemon_domain(mediaserver)
 r_dir_file(mediaserver, sdcard_type)
 r_dir_file(mediaserver, cgroup)
diff --git a/mtp.te b/public/mtp.te
similarity index 92%
rename from mtp.te
rename to public/mtp.te
index 02d4b56335fe17ad35eaea9980f935fd4cec61fe..0ca7cea357b0fb7f247d60c2d186af97e7bf1c72 100644
--- a/mtp.te
+++ b/public/mtp.te
@@ -2,7 +2,6 @@
 type mtp, domain, domain_deprecated;
 type mtp_exec, exec_type, file_type;
-init_daemon_domain(mtp)
 net_domain(mtp)
 # pptp policy
diff --git a/net.te b/public/net.te
similarity index 100%
rename from net.te
rename to public/net.te
diff --git a/netd.te b/public/netd.te
similarity index 97%
rename from netd.te
rename to public/netd.te
index f01022aab560739188c4054d489b94b6a0f61a43..dc4a1b3ee77faa1629843ad4b4278955b1f255ba 100644
--- a/netd.te
+++ b/public/netd.te
@@ -2,7 +2,6 @@
 type netd, domain, domain_deprecated, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
-init_daemon_domain(netd)
 net_domain(netd)
 # in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
@@ -52,11 +51,9 @@ allow netd net_data_file:dir rw_dir_perms;
 allow netd self:capability fowner;
 # Allow netd to spawn dnsmasq in it's own domain
-domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
 allow netd dnsmasq:process signal;
 # Allow netd to start clatd in its own domain
-domain_auto_trans(netd, clatd_exec, clatd)
 allow netd clatd:process signal;
 set_prop(netd, ctl_mdnsd_prop)
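Review bot: The comments `# Allow netd to spawn dnsmasq in it's own domain` and `# Allow netd to start clatd in its own domain` now describe rules this hunk removes; on the new side each sits over only `allow netd dnsmasq:process signal;` / `allow netd clatd:process signal;`, so the public file promises a spawn transition it no longer contains. Reword them to what remains, e.g. `# Signal dnsmasq (the netd -> dnsmasq transition is private policy)` and `# Signal clatd (the netd -> clatd transition is private policy)`, which also fixes `it's` to `its`. That presumes the two transitions were moved rather than dropped; the private side is not visible in this chunk.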
diff --git a/neverallow_macros b/public/neverallow_macros
similarity index 100%
rename from neverallow_macros
rename to public/neverallow_macros
diff --git a/nfc.te b/public/nfc.te
similarity index 100%
rename from nfc.te
rename to public/nfc.te
diff --git a/otapreopt_chroot.te b/public/otapreopt_chroot.te
similarity index 84%
rename from otapreopt_chroot.te
rename to public/otapreopt_chroot.te
index 1c5f2eed0f4f16194b1cd18b88e1a6892c9178d9..c071f447f15e529a6505d74e766fdbea336a9b20 100644
--- a/otapreopt_chroot.te
+++ b/public/otapreopt_chroot.te
@@ -13,9 +13,6 @@ allow otapreopt_chroot labeledfs:filesystem mount;
 # Mounting /vendor can have this side-effect. Ignore denial.
 dontaudit otapreopt_chroot kernel:process setsched;
-# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
-domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
-
 # Allow otapreopt to use file descriptors from update-engine. It will
 # close them immediately.
 allow otapreopt_chroot postinstall:fd use;
diff --git a/otapreopt_slot.te b/public/otapreopt_slot.te
similarity index 89%
rename from otapreopt_slot.te
rename to public/otapreopt_slot.te
index 2f4da0a121e94f7f5e2b82dafa1b8503b8b07792..5745ba7860a220600ae35b566317c207a9ef2480 100644
--- a/otapreopt_slot.te
+++ b/public/otapreopt_slot.te
@@ -6,9 +6,6 @@
 type otapreopt_slot, domain, mlstrustedsubject;
 type otapreopt_slot_exec, exec_type, file_type;
-# Technically not a daemon but we do want the transition from init domain to
-# cppreopts to occur.
-init_daemon_domain(otapreopt_slot)
 # The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
 # the directory afterwards. For logging of aggregate size, we need getattr.
diff --git a/platform_app.te b/public/platform_app.te
similarity index 100%
rename from platform_app.te
rename to public/platform_app.te
diff --git a/postinstall.te b/public/postinstall.te
similarity index 95%
rename from postinstall.te
rename to public/postinstall.te
index 0f6bb749b4aa7072143a0907c5f83cbf25c00f2a..7fd4dc61183db9d44b5968b631ebe62bead6c271 100644
--- a/postinstall.te
+++ b/public/postinstall.te
@@ -30,8 +30,6 @@ binder_call(postinstall, system_server)
 # Need to talk to the otadexopt service.
 allow postinstall otadexopt_service:service_manager find;
-domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
-
 # No domain other than update_engine and recovery (via update_engine_sideload)
 # should transition to postinstall, as it is only meant to run during the
 # update.
diff --git a/postinstall_dexopt.te b/public/postinstall_dexopt.te
similarity index 91%
rename from postinstall_dexopt.te
rename to public/postinstall_dexopt.te
index e0cc25720161b9686e14b825f6ab29ef5c37707c..5fdc51031edc8cb5e20bd3afa984517d2077b626 100644
--- a/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -5,7 +5,6 @@
 type postinstall_dexopt, domain;
-# init_daemon_domain(otapreopt)
 allow postinstall_dexopt self:capability { chown dac_override fowner setgid setuid };
 allow postinstall_dexopt postinstall_file:dir { getattr search };
@@ -43,9 +42,6 @@ allow postinstall_dexopt dalvikcache_data_file:file { relabelto link };
 selinux_check_context(postinstall_dexopt)
 selinux_check_access(postinstall_dexopt)
-# Run dex2oat/patchoat in its own sandbox.
-# We have to manually transition, as we don't have an entrypoint.
-domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
 # Postinstall wants to know about our child.
 allow postinstall_dexopt postinstall:process sigchld;
diff --git a/ppp.te b/public/ppp.te
similarity index 92%
rename from ppp.te
rename to public/ppp.te
index 3fb6f2b06552f58b66bef30f38540b3d02ea4bf1..5708822ee3cca1c7394948be21fbd0036ea0fa8b 100644
--- a/ppp.te
+++ b/public/ppp.te
@@ -2,7 +2,6 @@
 type ppp, domain, domain_deprecated;
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
-domain_auto_trans(mtp, ppp_exec, ppp)
 net_domain(ppp)
diff --git a/preopt2cachename.te b/public/preopt2cachename.te
similarity index 100%
rename from preopt2cachename.te
rename to public/preopt2cachename.te
diff --git a/priv_app.te b/public/priv_app.te
similarity index 100%
rename from priv_app.te
rename to public/priv_app.te
diff --git a/profman.te b/public/profman.te
similarity index 100%
rename from profman.te
rename to public/profman.te
diff --git a/property.te b/public/property.te
similarity index 100%
rename from property.te
rename to public/property.te
diff --git a/racoon.te b/public/racoon.te
similarity index 97%
rename from racoon.te
rename to public/racoon.te
index c3666bd8541ba66d966a846fc2de955112e7f74c..c99740feeb2267a441be4ec5602f40d1c7b8fd66 100644
--- a/racoon.te
+++ b/public/racoon.te
@@ -2,7 +2,6 @@
 type racoon, domain, domain_deprecated;
 type racoon_exec, exec_type, file_type;
-init_daemon_domain(racoon)
 typeattribute racoon mlstrustedsubject;
 net_domain(racoon)
diff --git a/radio.te b/public/radio.te
similarity index 100%
rename from radio.te
rename to public/radio.te
diff --git a/recovery.te b/public/recovery.te
similarity index 100%
rename from recovery.te
rename to public/recovery.te
diff --git a/recovery_persist.te b/public/recovery_persist.te
similarity index 96%
rename from recovery_persist.te
rename to public/recovery_persist.te
index 19a240f89b778f259f410d8d39f134eadbdc2a55..1abcc7c6528ce1dcab792d4f61fb8a4d138e1ae7 100644
--- a/recovery_persist.te
+++ b/public/recovery_persist.te
@@ -2,8 +2,6 @@
 type recovery_persist, domain;
 type recovery_persist_exec, exec_type, file_type;
-init_daemon_domain(recovery_persist)
-
 allow recovery_persist pstorefs:dir search;
 allow recovery_persist pstorefs:file r_file_perms;
diff --git a/recovery_refresh.te b/public/recovery_refresh.te
similarity index 96%
rename from recovery_refresh.te
rename to public/recovery_refresh.te
index 9fae1104c9f6c81be7d1dd609b04d7e0a8afbea8..5707e7b2840b1524b5c6b2099d17555d437415d4 100644
--- a/recovery_refresh.te
+++ b/public/recovery_refresh.te
@@ -2,8 +2,6 @@
 type recovery_refresh, domain;
 type recovery_refresh_exec, exec_type, file_type;
-init_daemon_domain(recovery_refresh)
-
 allow recovery_refresh pstorefs:dir search;
 allow recovery_refresh pstorefs:file r_file_perms;
 # NB: domain inherits write_logd which hands us write to pmsg_device
diff --git a/rild.te b/public/rild.te
similarity index 98%
rename from rild.te
rename to public/rild.te
index 0d834e19b7045cc651e2f923c119fbb20550dffc..85aa04415e4ca8ad23300fa42ea371d52592cdf9 100644
--- a/rild.te
+++ b/public/rild.te
@@ -2,7 +2,6 @@
 type rild, domain, domain_deprecated;
 type rild_exec, exec_type, file_type;
-init_daemon_domain(rild)
 net_domain(rild)
 allowxperm rild self:udp_socket ioctl priv_sock_ioctls;
diff --git a/runas.te b/public/runas.te
similarity index 92%
rename from runas.te
rename to public/runas.te
index 58a1bdc1b3a00c0df6e00736a81a500924bf87e9..21bd8805fda1e112a8aadf1967cdfe915be5aea5 100644
--- a/runas.te
+++ b/public/runas.te
@@ -1,8 +1,6 @@
 type runas, domain, domain_deprecated, mlstrustedsubject;
 type runas_exec, exec_type, file_type;
-# ndk-gdb invokes adb shell run-as.
-domain_auto_trans(shell, runas_exec, runas)
 allow runas adbd:process sigchld;
 allow runas shell:fd use;
 allow runas shell:fifo_file { read write };
diff --git a/sdcardd.te b/public/sdcardd.te
similarity index 94%
rename from sdcardd.te
rename to public/sdcardd.te
index 846c59b58a7defd08ea2f0f246ea6801adaff365..52037e6a650d3cc7a43448559c9c5cb2ed859f66 100644
--- a/sdcardd.te
+++ b/public/sdcardd.te
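Review bot: Dropping `# ndk-gdb invokes adb shell run-as.` together with the transition leaves `allow runas shell:fd use;`, `allow runas shell:fifo_file { read write };` and `allow runas adbd:process sigchld;` with no stated reason why a setuid helper shares descriptors with the shell domain, which is exactly the kind of grant a vendor reader of the public file should be able to justify. Keep the rationale next to the rules, e.g. `# run-as is exec'd from adb shell (ndk-gdb); the shell -> runas transition is private policy, these rules cover the inherited stdio and process reaping.` That the transition itself now lives in private policy is assumed; it is not visible in this chunk.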
@@ -14,7 +14,6 @@ allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resourc
 allow sdcardd sdcard_type:dir create_dir_perms;
 allow sdcardd sdcard_type:file create_file_perms;
-type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
 allow sdcardd media_rw_data_file:dir create_dir_perms;
 allow sdcardd media_rw_data_file:file create_file_perms;
diff --git a/service.te b/public/service.te
similarity index 100%
rename from service.te
rename to public/service.te
diff --git a/servicemanager.te b/public/servicemanager.te
similarity index 94%
rename from servicemanager.te
rename to public/servicemanager.te
index 4f07a559492d4958284c708596636085f87894f7..469c6375ca07251cdacca1c8e3143de67712d40f 100644
--- a/servicemanager.te
+++ b/public/servicemanager.te
@@ -2,8 +2,6 @@
 type servicemanager, domain, domain_deprecated, mlstrustedsubject;
 type servicemanager_exec, exec_type, file_type;
-init_daemon_domain(servicemanager)
-
 # Note that we do not use the binder_* macros here.
 # servicemanager is unique in that it only provides
 # name service (aka context manager) for Binder.
diff --git a/sgdisk.te b/public/sgdisk.te
similarity index 100%
rename from sgdisk.te
rename to public/sgdisk.te
diff --git a/shared_relro.te b/public/shared_relro.te
similarity index 100%
rename from shared_relro.te
rename to public/shared_relro.te
diff --git a/shell.te b/public/shell.te
similarity index 100%
rename from shell.te
rename to public/shell.te
diff --git a/slideshow.te b/public/slideshow.te
similarity index 100%
rename from slideshow.te
rename to public/slideshow.te
diff --git a/surfaceflinger.te b/public/surfaceflinger.te
similarity index 98%
rename from surfaceflinger.te
rename to public/surfaceflinger.te
index d02fc93490404fa4a245523870f6aae1b3a8ef0b..5175f83f8eca8f37a7bfa62d686f867681b95e45 100644
--- a/surfaceflinger.te
+++ b/public/surfaceflinger.te
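Review bot: Removing `type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;` from the public file changes labelling, not just where the rule lives: without it (or a private copy), anything sdcardd creates under a `system_data_file` directory inherits the parent's label, and the `allow sdcardd media_rw_data_file:dir create_dir_perms;` / `:file create_file_perms;` kept on the new side would not cover those objects. Moving concrete-type transitions out of public policy is the intent of the split, but a missing private counterpart is silent at build time, so confirm it exists before merging. A one-line marker in the public file, `# Labelling of objects sdcardd creates under /data/media is set by a private type_transition.`, would tell vendor readers not to add their own.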
@@ -2,7 +2,6 @@
 type surfaceflinger, domain, domain_deprecated;
 type surfaceflinger_exec, exec_type, file_type;
-init_daemon_domain(surfaceflinger)
 typeattribute surfaceflinger mlstrustedsubject;
 # Perform Binder IPC.
diff --git a/system_app.te b/public/system_app.te
similarity index 100%
rename from system_app.te
rename to public/system_app.te
diff --git a/system_server.te b/public/system_server.te
similarity index 99%
rename from system_server.te
rename to public/system_server.te
index b9fe97b71311e4c61b1cd2743761c046fa84f38a..c243bc64c83612cd2ba52aa92ff2f0eda171fb3b 100644
--- a/system_server.te
+++ b/public/system_server.te
@@ -4,9 +4,6 @@
 #
 type system_server, domain, domain_deprecated, mlstrustedsubject;
-# Define a type for tmpfs-backed ashmem regions.
-tmpfs_domain(system_server)
-
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
@@ -369,7 +366,6 @@ allow system_server system_wpa_socket:sock_file create_file_perms;
 allow system_server wpa_socket:sock_file unlink;
 # Create a socket for connections from debuggerd.
-type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 # Manage cache files.
diff --git a/te_macros b/public/te_macros
similarity index 100%
rename from te_macros
rename to public/te_macros
diff --git a/tee.te b/public/tee.te
similarity index 96%
rename from tee.te
rename to public/tee.te
index 3d4cc2fba744a18f1b0283ba668283ccd3cc78a6..a95be88349bf036c840e0aa73035feb898a228ed 100644
--- a/tee.te
+++ b/public/tee.te
@@ -6,7 +6,6 @@ type tee_exec, exec_type, file_type;
 type tee_device, dev_type;
 type tee_data_file, file_type, data_file_type;
-init_daemon_domain(tee)
 allow tee self:capability { dac_override };
 allow tee tee_device:chr_file rw_file_perms;
 allow tee tee_data_file:dir rw_dir_perms;
diff --git a/toolbox.te b/public/toolbox.te
similarity index 97%
rename from toolbox.te
rename to public/toolbox.te
index 7767079dcede330fcd4a04a7880b662cb6e3a14b..59c3a9c73cfe2686245515d7baa91576fe9a3c54 100644
--- a/toolbox.te
+++ b/public/toolbox.te
@@ -4,8 +4,6 @@
 type toolbox, domain;
 type toolbox_exec, exec_type, file_type;
-init_daemon_domain(toolbox)
-
 # /dev/__null__ created by init prior to policy load,
 # open fd inherited by fsck.
 allow toolbox tmpfs:chr_file { read write ioctl };
diff --git a/tzdatacheck.te b/public/tzdatacheck.te
similarity index 87%
rename from tzdatacheck.te
rename to public/tzdatacheck.te
index f61cb471632586ce4fbbd3cf672747525ed977be..37daa7516b1fedfd2d1737bea3539497c37cf15c 100644
--- a/tzdatacheck.te
+++ b/public/tzdatacheck.te
@@ -2,7 +2,5 @@
 type tzdatacheck, domain, domain_deprecated;
 type tzdatacheck_exec, exec_type, file_type;
-init_daemon_domain(tzdatacheck)
-
 allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
 allow tzdatacheck zoneinfo_data_file:file unlink;
diff --git a/ueventd.te b/public/ueventd.te
similarity index 99%
rename from ueventd.te
rename to public/ueventd.te
index d4880fad140caaba4d85277171870bd82d6cc8b3..46787c4de5546eea04c30c0eb057e2591657f42f 100644
--- a/ueventd.te
+++ b/public/ueventd.te
@@ -1,7 +1,6 @@
 # ueventd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type ueventd, domain, domain_deprecated;
-tmpfs_domain(ueventd)
 # Write to /dev/kmsg.
 allow ueventd kmsg_device:chr_file rw_file_perms;
diff --git a/uncrypt.te b/public/uncrypt.te
similarity index 97%
rename from uncrypt.te
rename to public/uncrypt.te
index 308e0f6294eb27cde62bb926e319772723e4aa5d..ef1289c325c91e64adb3bac1a391a56a76ab5376 100644
--- a/uncrypt.te
+++ b/public/uncrypt.te
@@ -2,8 +2,6 @@
 type uncrypt, domain, domain_deprecated, mlstrustedsubject;
 type uncrypt_exec, exec_type, file_type;
-init_daemon_domain(uncrypt)
-
 allow uncrypt self:capability dac_override;
 # Read OTA zip file from /data/data/com.google.android.gsf/app_download
diff --git a/untrusted_app.te b/public/untrusted_app.te
similarity index 100%
rename from untrusted_app.te
rename to public/untrusted_app.te
diff --git a/update_engine.te b/public/update_engine.te
similarity index 97%
rename from update_engine.te
rename to public/update_engine.te
index fa3f05ccbba408a12b299283e9f43cd20994e200..a3dee0db74c9e6adf65831769f2c88388adff2b9 100644
--- a/update_engine.te
+++ b/public/update_engine.te
@@ -4,7 +4,6 @@ type update_engine, domain, domain_deprecated, update_engine_common, boot_contro
 type update_engine_exec, exec_type, file_type;
 type update_engine_data_file, file_type, data_file_type;
-init_daemon_domain(update_engine);
 net_domain(update_engine);
 # Following permissions are needed for update_engine.
diff --git a/update_engine_common.te b/public/update_engine_common.te
similarity index 87%
rename from update_engine_common.te
rename to public/update_engine_common.te
index e70e44db155f0aeb8ec0cfcfe38dbf09fca86e45..29581dde41c459308084ce36386de454839c0385 100644
--- a/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -24,9 +24,6 @@ allow update_engine_common postinstall_file:file rx_file_perms;
 allow update_engine_common postinstall_file:lnk_file r_file_perms;
 allow update_engine_common postinstall_file:dir r_dir_perms;
-# The postinstall program is run by update_engine_common and will always be tagged as a
-# postinstall_file regardless of its attributes in the new system.
-domain_auto_trans(update_engine_common, postinstall_file, postinstall)
 # A postinstall program is typically a shell script (with a #!), so we allow
 # to execute those.
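Review bot: The removed comment in the update_engine_common hunk carried the security rationale that the postinstall program is always treated as `postinstall_file` regardless of what the new system image says about it; on the new side nothing explains why update_engine_common gets `rx_file_perms` / `r_dir_perms` on that type, and the execute grant itself (`allow update_engine_common postinstall_file:file rx_file_perms;`) sits just above the hunk. The `domain_auto_trans` can move to private policy without taking the rationale with it, e.g. `# The postinstall program is always labelled postinstall_file regardless of its attributes in the new system; the transition into the postinstall domain is private policy.` The statement run this hunk belongs to continues outside the hunk.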
diff --git a/update_verifier.te b/public/update_verifier.te
similarity index 93%
rename from update_verifier.te
rename to public/update_verifier.te
index 09d5fc4bc0ec8d29422ea835f48df38731101754..731b6230ab64d4ada2a8301653b80a84117d2622 100644
--- a/update_verifier.te
+++ b/public/update_verifier.te
@@ -3,8 +3,6 @@
 type update_verifier, domain, boot_control_hal;
 type update_verifier_exec, exec_type, file_type;
-init_daemon_domain(update_verifier)
-
 # Allow update_verifier to reach block devices in /dev/block.
 allow update_verifier block_device:dir search;
diff --git a/vdc.te b/public/vdc.te
similarity index 96%
rename from vdc.te
rename to public/vdc.te
index d31be658ea9effb6c9358847eef8db64e1582504..394ac96aa65ec44c661f4038e2030fe95826cd36 100644
--- a/vdc.te
+++ b/public/vdc.te
@@ -8,8 +8,6 @@
 type vdc, domain, domain_deprecated;
 type vdc_exec, exec_type, file_type;
-init_daemon_domain(vdc)
-
 unix_socket_connect(vdc, vold, vold)
 # vdc sends information back to dumpstate when "adb bugreport" is used
diff --git a/vold.te b/public/vold.te
similarity index 90%
rename from vold.te
rename to public/vold.te
index 6e0fa164807c6e4ccbf9e42d6cdc0e33881071a1..afe55c071cba9c587fa728353458a6d23e8ba17e 100644
--- a/vold.te
+++ b/public/vold.te
@@ -2,12 +2,6 @@
 type vold, domain, domain_deprecated;
 type vold_exec, exec_type, file_type;
-init_daemon_domain(vold)
-
-# Switch to more restrictive domains when executing common tools
-domain_auto_trans(vold, sgdisk_exec, sgdisk);
-domain_auto_trans(vold, sdcardd_exec, sdcardd);
-
 # Read already opened /cache files.
 allow vold cache_file:dir r_dir_perms;
 allow vold cache_file:file { getattr read };
@@ -25,13 +19,6 @@ allow vold sysfs_zram_uevent:file w_file_perms;
 r_dir_file(vold, rootfs)
 allow vold proc_meminfo:file r_file_perms;
-# For a handful of probing tools, we choose an even more restrictive
-# domain when working with untrusted block devices
-domain_trans(vold, shell_exec, blkid);
-domain_trans(vold, shell_exec, blkid_untrusted);
-domain_trans(vold, fsck_exec, fsck);
-domain_trans(vold, fsck_exec, fsck_untrusted);
-
 # Allow us to jump into execution domains of above tools
 allow vold self:process setexec;
@@ -58,11 +45,6 @@ allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms
 allow vold media_rw_data_file:dir create_dir_perms;
 allow vold media_rw_data_file:file create_file_perms;
-# Newly created storage dirs are always treated as mount stubs to prevent us
-# from accidentally writing when the mount point isn't present.
-type_transition vold storage_file:dir storage_stub_file;
-type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
-
 # Allow mounting of storage devices
 allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
 allow vold sdcard_type:filesystem { mount unmount remount };
diff --git a/watchdogd.te b/public/watchdogd.te
similarity index 100%
rename from watchdogd.te
rename to public/watchdogd.te
diff --git a/wifi_hal_legacy.te b/public/wifi_hal_legacy.te
similarity index 91%
rename from wifi_hal_legacy.te
rename to public/wifi_hal_legacy.te
index a7fce572955646d3f5f0c65fef5a82a92c930a00..ccdd96ca2650af8315c6ba2b70bda795a95659eb 100644
--- a/wifi_hal_legacy.te
+++ b/public/wifi_hal_legacy.te
@@ -2,9 +2,6 @@
 type wifi_hal_legacy, domain;
 type wifi_hal_legacy_exec, exec_type, file_type;
-# may be started by init
-init_daemon_domain(wifi_hal_legacy)
-
 ## hwbinder access
 hwbinder_use(wifi_hal_legacy)
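Review bot: `# Allow us to jump into execution domains of above tools` now refers to rules this hunk deletes; on the new side `allow vold self:process setexec;` is the only line left under it, and `setexec` is the primitive that lets vold choose between the blkid/fsck domains and their `_untrusted` variants, so a reader should not have to guess which domains are meant. Reword it to `# setexec lets vold pick the blkid/fsck domains (trusted or _untrusted); the domain_trans rules are private policy.` The trusted/untrusted distinction was the security-relevant part of the removed comment and is worth keeping visible in the public file, where the grant itself remains.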
diff --git a/wificond.te b/public/wificond.te
similarity index 98%
rename from wificond.te
rename to public/wificond.te
index 673394a2c0c27c77930cf496d482423adaea8b8a..82c10c131684f105fb9a36f49845acac8eddadd1 100644
--- a/wificond.te
+++ b/public/wificond.te
@@ -2,8 +2,6 @@
 type wificond, domain;
 type wificond_exec, exec_type, file_type;
-init_daemon_domain(wificond)
-
 binder_use(wificond)
 binder_call(wificond, system_server)
 binder_call(wificond, wpa)
diff --git a/wpa.te b/public/wpa.te
similarity index 95%
rename from wpa.te
rename to public/wpa.te
index dfb73dc2efee6659c8feb2c05f83ab701c8d6622..3cb042bdac38b05b07cbcfec273ba1dc965c2323 100644
--- a/wpa.te
+++ b/public/wpa.te
@@ -2,8 +2,6 @@
 type wpa, domain, domain_deprecated;
 type wpa_exec, exec_type, file_type;
-init_daemon_domain(wpa)
-
 net_domain(wpa)
 # in addition to ioctls whitelisted for all domains, grant wpa priv_sock_ioctls.
 allowxperm wpa self:udp_socket ioctl priv_sock_ioctls;
@@ -29,7 +27,6 @@ binder_call(wpa, wificond)
 allow wpa wpa_supplicant_service:service_manager { add find };
 # Create a socket for receiving info from wpa
-type_transition wpa wifi_data_file:dir wpa_socket "sockets";
 allow wpa wpa_socket:dir create_dir_perms;
 allow wpa wpa_socket:sock_file create_file_perms;
diff --git a/zygote.te b/public/zygote.te
similarity index 99%
rename from zygote.te
rename to public/zygote.te
index 9f210ed3a347df0f1b307ac3afe1e1ed2d5abd54..94081ef56a0c15ff7fad7873d1d7f9fc365277e0 100644
--- a/zygote.te
+++ b/public/zygote.te
@@ -2,7 +2,6 @@
 type zygote, domain, domain_deprecated;
 type zygote_exec, exec_type, file_type;
-init_daemon_domain(zygote)
 typeattribute zygote mlstrustedsubject;
 # Override DAC on files and switch uid/gid.
 allow zygote self:capability { dac_override setgid setuid fowner chown };