Revert "Coredomain can't execute vendor code."

This reverts commit 07dd2c9e. Reason for revert: albacore build broken Change-Id: I551b1d8c008f01fb815e42b59d397feb9672b8e6

Revert "Coredomain can't execute vendor code."
This reverts commit 07dd2c9e. Reason for revert: albacore build broken Change-Id: I551b1d8c008f01fb815e42b59d397feb9672b8e6
d2315bdf · Tri Vo · 07dd2c9e · d2315bdf · d2315bdf
Commit d2315bdf authored 7 years ago by Tri Vo
--- a/public/attributes
+++ b/public/attributes
@@ -154,12 +154,6 @@ expandattribute vendor_executes_system_violators false;
 attribute data_between_core_and_vendor_violators;
 expandattribute data_between_core_and_vendor_violators false;

-# All system domains which violate the requirement of not executing vendor
-# binaries/libraries.
-# TODO(b/62041836)
-attribute system_executes_vendor_violators;
-expandattribute system_executes_vendor_violators false;
-
 # hwservices that are accessible from untrusted applications
 # WARNING: Use of this attribute should be avoided unless
 # absolutely necessary.  It is a temporary allowance to aid the

--- a/public/domain.te
+++ b/public/domain.te
@@ -829,20 +829,6 @@ full_treble_only(`
        -crash_dump_exec
        -netutils_wrapper_exec
    }:file { entrypoint execute execute_no_trans };
-
-    # Do not allow system components to execute files from vendor
-    # except for the ones whitelist here.
-    neverallow {
-      coredomain
-      -init
-      -system_executes_vendor_violators
-      -vendor_init
-    } {
-      vendor_file_type
-      -same_process_hal_file
-      -vndk_sp_file
-      -vendor_app_file
-    }:file { execute execute_no_trans };
 ')

 # Only authorized processes should be writing to files in /data/dalvik-cache