Merge "Relax neverallows for vendor to use /system/bin/sh" into main am: 0ae95839d3 am: 7f41c9d97c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2964802
Change-Id: I2714f748fa639a051f96199b1dd287ece05f612e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/public/domain.te b/public/domain.te
index e27da4f..755b4b2 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -924,6 +924,9 @@
-crash_dump_exec
-netutils_wrapper_exec
userdebug_or_eng(`-tcpdump_exec')
+ # Vendor components still can invoke shell commands via /system/bin/sh
+ -shell_exec
+ -toolbox_exec
}:file { entrypoint execute execute_no_trans };
')
@@ -1004,6 +1007,9 @@
-task_profiles_api_file
-task_profiles_file
userdebug_or_eng(`-tcpdump_exec')
+ # Vendor components still can invoke shell commands via /system/bin/sh
+ -shell_exec
+ -toolbox_exec
}:file *;
')
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 621a0b8..6730c32 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -85,7 +85,13 @@
halserverdomain
-hal_dumpstate_server
-hal_telephony_server
-} { file_type fs_type }:file execute_no_trans;
+} {
+ file_type
+ fs_type
+ # May invoke shell commands via /system/bin/sh
+ -shell_exec
+ -toolbox_exec
+}:file execute_no_trans;
# Do not allow a process other than init to transition into a HAL domain.
neverallow { domain -init } halserverdomain:process transition;
# Only allow transitioning to a domain by running its executable. Do not