diff --git a/private/file_contexts b/private/file_contexts
index 9417480cdcc02e826cfaee2b4e9cde638a053722..7f15b402ced0963fa7bc9a62bc51268de2c1ec61 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -265,6 +265,8 @@
 # Vendor files
 #
 /(vendor|system/vendor)(/.*)?                  u:object_r:vendor_file:s0
+/(vendor|system/vendor)/bin/sh                 u:object_r:vendor_shell_exec:s0
+/(vendor|system/vendor)/bin/toybox_vendor      u:object_r:vendor_toolbox_exec:s0
 /(vendor|system/vendor)/etc(/.*)?              u:object_r:vendor_configs_file:s0
 
 /(vendor|system/vendor)/lib(64)?/egl(/.*)?     u:object_r:same_process_hal_file:s0
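Review bot: The two new labels match only the literal paths `/vendor/bin/sh` and `/vendor/bin/toybox_vendor`, so the neverallow rules built on `vendor_shell_exec` and `vendor_toolbox_exec` elsewhere in this change only cover an interpreter installed exactly there; any other shell or toolbox binary a vendor ships under a different name falls back to `vendor_file` and is outside those rules, which seems intended but is not stated. A one-line comment above the two entries would make the dependency visible, e.g. `# Vendor shell/toolbox get dedicated exec types so non-vendor domains can be denied execute (see vendor_shell.te, vendor_toolbox.te)`. The surrounding `# Vendor files` block continues outside the hunk.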
diff --git a/private/priv_app.te b/private/priv_app.te
index f1570737f632e2080db4961ebdebdcc87acf930d..bb7598e49e9b2cea243fc96e5a1a0d8f90c6d34e 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -73,9 +73,6 @@ userdebug_or_eng(`
   allow priv_app perfprofd_data_file:dir r_dir_perms;
 ')
 
-# Allow GMS core to scan executables on the system partition
-allow priv_app exec_type:file { getattr read open };
-
 # For AppFuse.
 allow priv_app vold:fd use;
 allow priv_app fuse_device:chr_file { read write };
diff --git a/public/domain.te b/public/domain.te
index 10e1bb521b5a814ca4494583caf431f7b86bf343..24e21e6d99d0e9c48e68dac644d695f1c84b10bc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -657,7 +657,7 @@ full_treble_only(`
         coredomain
         -appdomain
         -idmap
-	-init
+        -init
         -system_server
         -zygote
     } vendor_overlay_file:dir { getattr open read search };
@@ -666,10 +666,33 @@ full_treble_only(`
         coredomain
         -appdomain
         -idmap
-	-init
+        -init
         -system_server
         -zygote
     } vendor_overlay_file:{ file lnk_file } r_file_perms;
+
+    # Non-vendor domains are not allowed to file execute shell
+    # from vendor
+    neverallow {
+        coredomain
+        -init
+    } vendor_shell_exec:file { execute execute_no_trans };
+
+    # Do not allow vendor components to execute files from system
+    # except for the ones whitelist here.
+    # TODO:(b/36463595) Make this a neverallow
+    userdebug_or_eng(`
+        auditallow {
+            domain
+            -coredomain
+            -appdomain
+            -rild
+        } {
+            exec_type
+            -vendor_file_type
+            -crash_dump_exec
+        }:file { entrypoint execute execute_no_trans };
+    ')
 ')
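Review bot: The new neverallow on `vendor_shell_exec` denies `{ execute execute_no_trans }` but not `entrypoint`, whereas the parallel rule in vendor_toolbox.te denies `{ entrypoint execute execute_no_trans }`; if the intent is that no core domain may be entered through the vendor shell either, the permission set should match, `} vendor_shell_exec:file { entrypoint execute execute_no_trans };`. The two comments also read awkwardly: `# Non-vendor domains are not allowed to execute the shell from vendor` and `# except for the ones whitelisted here.` would be clearer. Note that the `auditallow` is only compiled on userdebug/eng builds, so on user builds there is neither enforcement nor auditing of vendor-to-system execution until the TODO is resolved; this is worth saying in the comment. The enclosing `full_treble_only` block begins outside the hunk.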
 
 # Only authorized processes should be writing to files in /data/dalvik-cache
diff --git a/public/init.te b/public/init.te
index 352cb3d6d34fa7fed079d49e77c0eb03f570b39b..908706b5367fbe9348d343e60aa5ceaf8750d619 100644
--- a/public/init.te
+++ b/public/init.te
@@ -400,6 +400,8 @@ allow init proc_meminfo:file r_file_perms;
 allow init system_data_file:file { getattr read };
 allow init system_data_file:lnk_file r_file_perms;
 
+# For init to be able to run shell scripts from vendor
+allow init vendor_shell_exec:file execute;
 
 ###
 ### neverallow rules
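Review bot: `allow init vendor_shell_exec:file execute;` grants `execute` but not `execute_no_trans`, so init can only run `/vendor/bin/sh` through a domain transition, which in turn requires some target domain to hold `entrypoint` on `vendor_shell_exec`; vendor_shell.te in this same change states the type can never be transitioned to, so as written it is not clear any exec path succeeds (inferred from the rules visible here; confirm against the init.rc/seclabel mechanism you intend). Whichever is intended, the comment should name it, e.g. `# init may exec /vendor/bin/sh only via a service with a seclabel into a vendor domain; no execute_no_trans, so init itself never runs vendor shell code`. The init allow block continues outside the hunk.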
diff --git a/public/vendor_shell.te b/public/vendor_shell.te
new file mode 100644
index 0000000000000000000000000000000000000000..b33054290f7091e36066ed3e415d6249a723919e
--- /dev/null
+++ b/public/vendor_shell.te
@@ -0,0 +1,4 @@
+# vendor shell MUST never run as interactive or login shell.
+# vendor shell CAN never be traisitioned to by any process, so it is
+# only intended by shell script interpreter.
+type vendor_shell_exec, exec_type, vendor_file_type, file_type;
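Review bot: The header comment asserts that `vendor_shell_exec` can never be transitioned to by any process, but nothing in the declaration enforces that; the only restriction on this type is the `full_treble_only` neverallow in domain.te, which covers `execute`/`execute_no_trans` from coredomain and not `entrypoint`. If the guarantee is intended, back it with `neverallow domain vendor_shell_exec:file entrypoint;` here; if a vendor domain is meant to enter it for init-launched scripts, the comment is wrong and should say which domains may. The comment also has typos and an unclear last clause; suggested wording: `# vendor shell MUST never run as an interactive or login shell.` / `# vendor shell CAN never be transitioned to by any process; it is` / `# only intended as a shell script interpreter.`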
diff --git a/public/vendor_toolbox.te b/public/vendor_toolbox.te
new file mode 100644
index 0000000000000000000000000000000000000000..39462f8e776de512fb6b5ea6dc7e075b8bed8579
--- /dev/null
+++ b/public/vendor_toolbox.te
@@ -0,0 +1,12 @@
+# Toolbox installation for vendor binaries / scripts
+# Non-vendor processes are not allowed to execute the binary
+# and is always executed without transition.
+type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
+
+# Do not allow domains to transition to vendor toolbox
+# or read, execute the vendor_toolbox file.
+full_treble_only(`
+    # Do not allow non-vendor domains to transition
+    # to vendor toolbox
+    neverallow coredomain vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
+')
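Review bot: The comment above the `full_treble_only` block says domains may not "read, execute" the vendor toolbox file, but the neverallow only denies `{ entrypoint execute execute_no_trans }` to `coredomain`, so `read` remains permitted and non-core domains are not restricted at all; either add `read` to the denied set if that is the intent, or narrow the comment to what the rule does, e.g. `# Non-vendor (core) domains may not execute, or transition through, vendor_toolbox_exec.` Likewise the header's "is always executed without transition" is not enforced for vendor domains by anything in this file; hedge it or add a corresponding `entrypoint` neverallow for `domain`. Minor grammar: `# Non-vendor processes are not allowed to execute the binary,` / `# and it is always executed without transition.`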