Create attribute for moving perms out of domain

Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c

Create attribute for moving perms out of domain
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
d22987b4 · Jeff Vander Stoep · Jeffrey Vander Stoep · e25588fb · d22987b4 · d22987b4
Commit d22987b4 authored 9 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 9 years ago
--- a/adbd.te
+++ b/adbd.te
 # adbd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
-type adbd, domain, mlstrustedsubject;
+type adbd, domain, domain_deprecated, mlstrustedsubject;
 userdebug_or_eng(`
  allow adbd self:process setcurrent;

--- a/atrace.te
+++ b/atrace.te
@@ -3,7 +3,7 @@ type atrace_exec, exec_type, file_type;
 userdebug_or_eng(`
-  type atrace, domain;
+  type atrace, domain, domain_deprecated;
  init_daemon_domain(atrace)
  # boottrace services uses /data/misc/boottrace/categories

--- a/attributes
+++ b/attributes
@@ -8,6 +8,16 @@ attribute dev_type;
 # All types used for processes.
 attribute domain;
+# Temporary attribute used for migrating permissions out of domain.
+# Motivation: Domain is overly permissive. Start removing permissions
+# from domain and assign them to the domain_deprecated attribute.
+# Domain_deprecated and domain can initially be assigned to all
+# domains. The goal is to not assign domain_deprecated to new domains
+# and to start removing domain_deprecated where it's not required or
+# reassigning the appropriate permissions to the inheriting domain
+# when necessary.
+attribute domain_deprecated;
 # All types used for filesystems.
 attribute fs_type;

--- a/blkid.te
+++ b/blkid.te
 # blkid called from vold
-type blkid, domain;
+type blkid, domain, domain_deprecated;
 type blkid_exec, exec_type, file_type;
 # Allowed read-only access to encrypted devices to extract UUID/label

--- a/blkid_untrusted.te
+++ b/blkid_untrusted.te
 # blkid for untrusted block devices
-type blkid_untrusted, domain;
+type blkid_untrusted, domain, domain_deprecated;
 # Allowed read-only access to vold block devices to extract UUID/label
 allow blkid_untrusted block_device:dir search;

--- a/bluetooth.te
+++ b/bluetooth.te
 # bluetooth subsystem
-type bluetooth, domain;
+type bluetooth, domain, domain_deprecated;
 app_domain(bluetooth)
 net_domain(bluetooth)

--- a/bootanim.te
+++ b/bootanim.te
 # bootanimation oneshot service
-type bootanim, domain;
+type bootanim, domain, domain_deprecated;
 type bootanim_exec, exec_type, file_type;
 init_daemon_domain(bootanim)

--- a/clatd.te
+++ b/clatd.te
 # 464xlat daemon
-type clatd, domain;
+type clatd, domain, domain_deprecated;
 type clatd_exec, exec_type, file_type;
 net_domain(clatd)

--- a/debuggerd.te
+++ b/debuggerd.te
 # debugger interface
-type debuggerd, domain;
+type debuggerd, domain, domain_deprecated;
 type debuggerd_exec, exec_type, file_type;
 init_daemon_domain(debuggerd)

--- a/dex2oat.te
+++ b/dex2oat.te
 # dex2oat
-type dex2oat, domain;
+type dex2oat, domain, domain_deprecated;
 type dex2oat_exec, exec_type, file_type;
 allow dex2oat dalvikcache_data_file:file write;

--- a/dhcp.te
+++ b/dhcp.te
-type dhcp, domain;
+type dhcp, domain, domain_deprecated;
 type dhcp_exec, exec_type, file_type;
 type dhcp_data_file, file_type, data_file_type;

--- a/dnsmasq.te
+++ b/dnsmasq.te
 # DNS, DHCP services
-type dnsmasq, domain;
+type dnsmasq, domain, domain_deprecated;
 type dnsmasq_exec, exec_type, file_type;
 net_domain(dnsmasq)

--- a/domain_deprecated.te
+++ b/domain_deprecated.te
+# rules removed from the domain attribute
--- a/drmserver.te
+++ b/drmserver.te
 # drmserver - DRM service
-type drmserver, domain;
+type drmserver, domain, domain_deprecated;
 type drmserver_exec, exec_type, file_type;
 init_daemon_domain(drmserver)

--- a/dumpstate.te
+++ b/dumpstate.te
 # dumpstate
-type dumpstate, domain, mlstrustedsubject;
+type dumpstate, domain, domain_deprecated, mlstrustedsubject;
 type dumpstate_exec, exec_type, file_type;
 init_daemon_domain(dumpstate)

--- a/fingerprintd.te
+++ b/fingerprintd.te
-type fingerprintd, domain;
+type fingerprintd, domain, domain_deprecated;
 type fingerprintd_exec, exec_type, file_type;
 # fingerprintd

--- a/fsck.te
+++ b/fsck.te
 # Any fsck program run by init
-type fsck, domain;
+type fsck, domain, domain_deprecated;
 type fsck_exec, exec_type, file_type;
 init_daemon_domain(fsck)

--- a/fsck_untrusted.te
+++ b/fsck_untrusted.te
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain;
+type fsck_untrusted, domain, domain_deprecated;
 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };

--- a/gatekeeperd.te
+++ b/gatekeeperd.te
-type gatekeeperd, domain;
+type gatekeeperd, domain, domain_deprecated;
 type gatekeeperd_exec, exec_type, file_type;
 # gatekeeperd

--- a/gpsd.te
+++ b/gpsd.te
 # gpsd - GPS daemon
-type gpsd, domain;
+type gpsd, domain, domain_deprecated;
 type gpsd_exec, exec_type, file_type;
 init_daemon_domain(gpsd)