From e41af2039792d3c9312b484eab307fa054ad2daa Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Fri, 2 Jun 2017 16:09:26 -0700
Subject: [PATCH] Fix coredomain violation for modprobe

modprobe domain was allowed to launch vendor toolbox even though it is a
coredomain. That violates the Treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.

Bug: 37008075
Test: Build and boot sailfish

Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 9e366a0e4959682713037f24af708cf22b9b53c7)
---
 private/init.te           |  2 +-
 public/modprobe.te        |  4 ++--
 vendor/vendor_modprobe.te | 11 +++++++++++
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 vendor/vendor_modprobe.te

diff --git a/private/init.te b/private/init.te
index b6c49b952..568e0d360 100644
--- a/private/init.te
+++ b/private/init.te
@@ -13,7 +13,7 @@ recovery_only(`
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
 domain_trans(init, init_exec, watchdogd)
-domain_trans(init, { rootfs toolbox_exec vendor_toolbox_exec }, modprobe)
+domain_trans(init, { rootfs toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)
diff --git a/public/modprobe.te b/public/modprobe.te
index a286c1719..3ed320e5b 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -7,5 +7,5 @@ recovery_only(`
   allow modprobe rootfs:system module_load;
   allow modprobe rootfs:file r_file_perms;
 ')
-allow modprobe { system_file vendor_file }:system module_load;
-r_dir_file(modprobe, { system_file vendor_file })
+allow modprobe { system_file }:system module_load;
+r_dir_file(modprobe, { system_file })
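Review bot: The single-element brace sets on the two new lines are redundant now that vendor_file has been dropped; `allow modprobe system_file:system module_load;` and `r_dir_file(modprobe, system_file)` read cleaner and match the unbraced single-type rules in the recovery_only block just above (`rootfs:system`, `rootfs:file`). A short comment would also spare the next reader a trip through git history to learn why vendor modules are no longer reachable from this domain, e.g. `# coredomain: vendor modules are loaded through vendor_modprobe (vendor/vendor_modprobe.te)`. The recovery_only block above is context only and is not changed by this hunk.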
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
new file mode 100644
index 000000000..b8a1edbc9
--- /dev/null
+++ b/vendor/vendor_modprobe.te
@@ -0,0 +1,11 @@
+type vendor_modprobe, domain;
+
+# For the use of /vendor/bin/modprobe from vendor init.rc fragments
+domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
+
+allow vendor_modprobe proc_modules:file r_file_perms;
+allow vendor_modprobe self:capability sys_module;
+allow vendor_modprobe kernel:key search;
+
+allow vendor_modprobe { vendor_file }:system module_load;
+r_dir_file(vendor_modprobe, { vendor_file })
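Review bot: The new file has no header describing the domain, and the `kernel:key search` rule carries no rationale; a comment such as `# vendor-side modprobe (/vendor/bin/modprobe) run by vendor init.rc fragments; may only load modules from /vendor` at the top, and `# keyring lookup needed for module signature verification -- confirm` on the key rule, would make the policy self-explanatory. Because `domain_trans` only permits the transition (unlike the `domain_auto_trans` used for logpersist in init.te), vendor init.rc services presumably have to request it explicitly with `seclabel u:r:vendor_modprobe:s0`; the comment on the domain_trans line should say so, or the macro should be `domain_auto_trans` if an automatic transition on exec of vendor_toolbox_exec is intended. The braces around the single type in `{ vendor_file }:system module_load` and `r_dir_file(vendor_modprobe, { vendor_file })` are redundant and can be dropped.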
-- 
GitLab