From fe02a4ee48f324185cdd5a3490e86e9c818336a3 Mon Sep 17 00:00:00 2001
From: Dan Cashman <dcashman@google.com>
Date: Fri, 14 Apr 2017 13:50:34 -0700
Subject: [PATCH] Remove vndservice_manager object classes.

vndservicemanager is a copy of servicemanager, and so has the exact same properties. This should be reflected in the sharing of an object manager in SELinux policy, rather than creating a second one, which is effectively an attempt at namespacing based on object rather than type labels. hwservicemanager, however, provides different and additional functionality that may be reflected in changed permissions, though they currently map to the existing servicemanager permissions. Keep the new hwservice_manager object manager but remove the vndservice_manager one.
(preemptive cherry-pick of commit: 2f1c7ba75e823b1cdcd6115c5504dcad6c2eab0f to avoid merge conflict)
Bug: 34454312
Bug: 36052864
Test: policy builds and device boots.
Change-Id: I9e0c2757be4026101e32ba780f1fa67130cfa14e
---
 private/access_vectors | 7 -------
 private/security_classes | 3 ---
 public/domain.te | 15 ++++++++++++---
 public/su.te | 4 ++--
 4 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/private/access_vectors b/private/access_vectors
index 6b08d9efc..74cf530a6 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -675,13 +675,6 @@ class hwservice_manager
 list
 }
-class vndservice_manager
-{
- add
- find
- list
-}
-
 class keystore_key
 {
 get_state
diff --git a/private/security_classes b/private/security_classes
index 5685bd6f8..02e3ef2f6 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -137,9 +137,6 @@ class service_manager # userspace
 # hardware service manager # userspace
 class hwservice_manager
-# vendor service manager # userspace
-class vndservice_manager
-
 # Keystore Key
 class keystore_key # userspace
diff --git a/public/domain.te b/public/domain.te
index e75ce1a4b..97f75c065 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -219,7 +219,7 @@ allow domain default_android_hwservice:hwservice_manager { add find };
 allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
 # Workaround for policy compiler being too aggressive and removing vndservice_manager_type
 # when it's not explicitly used in allow rules
-allow { domain -domain } vndservice_manager_type:vndservice_manager { add find };
+allow { domain -domain } vndservice_manager_type:service_manager { add find };
 ###
 ### neverallow rules
@@ -914,8 +914,17 @@ neverallow {
 } shell_data_file:file open;
-# servicemanager is the only process which handles list request
-neverallow * ~servicemanager:service_manager list;
+# servicemanager and vndservicemanager are the only processes which handle the
+# service_manager list request
+neverallow * ~{
+ servicemanager
+ vndservicemanager
+ }:service_manager list;
+
+# hwservicemanager is the only process which handles hw list requests
+neverallow * ~{
+ hwservicemanager
+ }:hwservice_manager list;
 # only service_manager_types can be added to service_manager
 # TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
diff --git a/public/su.te b/public/su.te
index 77fd07111..47349d88f 100644
--- a/public/su.te
+++ b/public/su.te
@@ -38,10 +38,10 @@ userdebug_or_eng(`
 dontaudit su property_type:file *;
 dontaudit su service_manager_type:service_manager *;
 dontaudit su hwservice_manager_type:hwservice_manager *;
- dontaudit su vndservice_manager_type:vndservice_manager *;
+ dontaudit su vndservice_manager_type:service_manager *;
 dontaudit su servicemanager:service_manager list;
 dontaudit su hwservicemanager:hwservice_manager list;
- dontaudit su vndservicemanager:vndservice_manager list;
+ dontaudit su vndservicemanager:service_manager list;
 dontaudit su keystore:keystore_key *;
 dontaudit su domain:drmservice *;
 dontaudit su unlabeled:filesystem *;
--
GitLab
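Review bot: The workaround comment above the changed `allow { domain -domain } vndservice_manager_type:service_manager { add find };` line in the first public/domain.te hunk does not say that the rule grants nothing. `{ domain -domain }` is an empty source set, and now that the rule names the shared `service_manager` class, someone auditing add/find permissions on that class could misread it as a broad grant. I would extend the comment with `# { domain -domain } is empty: this rule grants no access and only keeps the attribute referenced.` The same applies to the `hwservice_manager_type` context line just above it.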
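Review bot: The context comment at the end of the second public/domain.te hunk, `# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };`, still describes the old class split and is stale once vendor services become `service_manager`-class objects. If that assertion were enabled as written, it would reject add/find on every `vndservice_manager_type` object. I would update it to `# TODO - rework this: neverallow * ~{ service_manager_type vndservice_manager_type }:service_manager { add find };` and have the "only service_manager_types" line above it name both attributes. The rule appears to be commented out here, so this is a documentation point rather than a build break. With the classes merged, framework and vendor services are separated by type attribute alone, and nothing visible in this hunk asserts that a type cannot carry both attributes; that may be enforced elsewhere in the policy.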