Move domain_deprecated into private policy
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from public to private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
diff --git a/public/attributes b/public/attributes
index c449a08..c1c1c0b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -10,16 +10,6 @@
# All types used for processes.
attribute domain;
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;
-
# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
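Review bot: Deleting the declaration at `attribute domain_deprecated;` also deletes the only written record of why the attribute exists and how it is meant to be retired (the eight-line motivation comment above it); if the attribute is re-declared in private/attributes, which this chunk does not show, that comment should travel with it, plus one line on why it is now private, e.g. `# Private: vendor policy must not reference this; permissions are being removed.`. Removing it from public/attributes also changes the failure mode for partners: a vendor .te that still names domain_deprecated should now fail at policy build time rather than silently keep these permissions, which is the property the commit message is after and is worth stating there explicitly.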
diff --git a/public/clatd.te b/public/clatd.te
index 8632087..212b76e 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -1,5 +1,5 @@
# 464xlat daemon
-type clatd, domain, domain_deprecated;
+type clatd, domain;
type clatd_exec, exec_type, file_type;
net_domain(clatd)
diff --git a/public/dex2oat.te b/public/dex2oat.te
index cc8111f..47f3bcb 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -1,5 +1,5 @@
# dex2oat
-type dex2oat, domain, domain_deprecated;
+type dex2oat, domain;
type dex2oat_exec, exec_type, file_type;
r_dir_file(dex2oat, apk_data_file)
diff --git a/public/dhcp.te b/public/dhcp.te
index 22351ed..2b54b7f 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -1,4 +1,4 @@
-type dhcp, domain, domain_deprecated;
+type dhcp, domain;
type dhcp_exec, exec_type, file_type;
net_domain(dhcp)
diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
deleted file mode 100644
index 7a26bec..0000000
--- a/public/domain_deprecated.te
+++ /dev/null
@@ -1,319 +0,0 @@
-# rules removed from the domain attribute
-
-# Search /storage/emulated tmpfs mount.
-allow { domain_deprecated -installd } tmpfs:dir r_dir_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -installd
- -sdcardd
- -surfaceflinger
- -system_server
- -vold
- -zygote
-} tmpfs:dir r_dir_perms;
-')
-
-# Inherit or receive open files from others.
-allow domain_deprecated system_server:fd use;
-userdebug_or_eng(`
-auditallow { domain_deprecated -appdomain -netd -surfaceflinger } system_server:fd use;
-')
-
-# Connect to adbd and use a socket transferred from it.
-# This is used for e.g. adb backup/restore.
-allow domain_deprecated adbd:fd use;
-userdebug_or_eng(`
-auditallow { domain_deprecated -appdomain -system_server } adbd:fd use;
-')
-
-# Root fs.
-allow domain_deprecated rootfs:dir r_dir_perms;
-allow domain_deprecated rootfs:file r_file_perms;
-allow domain_deprecated rootfs:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -fsck
- -healthd
- -installd
- -servicemanager
- -system_server
- -ueventd
- -uncrypt
- -vold
- -zygote
-} rootfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
- domain_deprecated
- -healthd
- -installd
- -servicemanager
- -system_server
- -ueventd
- -uncrypt
- -vold
- -zygote
-} rootfs:file r_file_perms;
-auditallow {
- domain_deprecated
- -appdomain
- -healthd
- -installd
- -servicemanager
- -system_server
- -ueventd
- -uncrypt
- -vold
- -zygote
-} rootfs:lnk_file { getattr open ioctl lock }; # read granted in domain
-')
-
-# System file accesses.
-allow domain_deprecated system_file:dir r_dir_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -fingerprintd
- -installd
- -keystore
- -rild
- -surfaceflinger
- -system_server
- -update_engine
- -vold
- -zygote
-} system_file:dir { open read ioctl lock }; # search getattr in domain
-')
-
-# Read files already opened under /data.
-allow domain_deprecated system_data_file:file { getattr read };
-allow domain_deprecated system_data_file:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -sdcardd
- -system_server
- -tee
-} system_data_file:file { getattr read };
-auditallow {
- domain_deprecated
- -appdomain
- -system_server
- -tee
-} system_data_file:lnk_file r_file_perms;
-')
-
-# Read apk files under /data/app.
-allow domain_deprecated apk_data_file:dir { getattr search };
-allow domain_deprecated apk_data_file:file r_file_perms;
-allow domain_deprecated apk_data_file:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -dex2oat
- -installd
- -system_server
-} apk_data_file:dir { getattr search };
-auditallow {
- domain_deprecated
- -appdomain
- -dex2oat
- -installd
- -system_server
-} apk_data_file:file r_file_perms;
-auditallow {
- domain_deprecated
- -appdomain
- -dex2oat
- -installd
- -system_server
-} apk_data_file:lnk_file r_file_perms;
-')
-
-# Read already opened /cache files.
-allow domain_deprecated cache_file:dir r_dir_perms;
-allow domain_deprecated cache_file:file { getattr read };
-allow domain_deprecated cache_file:lnk_file r_file_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -system_server
- -vold
-} cache_file:dir { open read search ioctl lock };
-auditallow {
- domain_deprecated
- -appdomain
- -system_server
- -vold
-} cache_file:dir getattr;
-auditallow {
- domain_deprecated
- -system_server
- -vold
-} cache_file:file { getattr read };
-auditallow {
- domain_deprecated
- -system_server
- -vold
-} cache_file:lnk_file r_file_perms;
-')
-
-# Allow access to ion memory allocation device
-allow domain_deprecated ion_device:chr_file rw_file_perms;
-# split this auditallow into read and write perms since most domains seem to
-# only require read
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -fingerprintd
- -keystore
- -surfaceflinger
- -system_server
- -tee
- -vold
- -zygote
-} ion_device:chr_file r_file_perms;
-auditallow domain_deprecated ion_device:chr_file { write append };
-')
-
-# Read access to pseudo filesystems.
-r_dir_file(domain_deprecated, proc)
-r_dir_file(domain_deprecated, sysfs)
-r_dir_file(domain_deprecated, cgroup)
-allow domain_deprecated proc_meminfo:file r_file_perms;
-
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -fsck
- -fsck_untrusted
- -rild
- -sdcardd
- -system_server
- -update_engine
- -vold
-} proc:file r_file_perms;
-auditallow {
- domain_deprecated
- -fsck
- -fsck_untrusted
- -rild
- -system_server
- -vold
-} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
-auditallow {
- domain_deprecated
- -bluetooth
- -fingerprintd
- -healthd
- -netd
- -rild
- -system_app
- -surfaceflinger
- -system_server
- -tee
- -ueventd
- -vold
-} sysfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
- domain_deprecated
- -bluetooth
- -fingerprintd
- -healthd
- -netd
- -rild
- -system_app
- -surfaceflinger
- -system_server
- -tee
- -ueventd
- -vold
-} sysfs:file r_file_perms;
-auditallow {
- domain_deprecated
- -bluetooth
- -fingerprintd
- -healthd
- -netd
- -rild
- -system_app
- -surfaceflinger
- -system_server
- -tee
- -ueventd
- -vold
-} sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
-auditallow {
- domain_deprecated
- -appdomain
- -dumpstate
- -fingerprintd
- -healthd
- -inputflinger
- -installd
- -keystore
- -netd
- -rild
- -surfaceflinger
- -system_server
- -zygote
-} cgroup:dir r_dir_perms;
-auditallow {
- domain_deprecated
- -appdomain
- -dumpstate
- -fingerprintd
- -healthd
- -inputflinger
- -installd
- -keystore
- -netd
- -rild
- -surfaceflinger
- -system_server
- -zygote
-} cgroup:{ file lnk_file } r_file_perms;
-auditallow {
- domain_deprecated
- -appdomain
- -surfaceflinger
- -system_server
- -vold
-} proc_meminfo:file r_file_perms;
-')
-
-# Get SELinux enforcing status.
-allow domain_deprecated selinuxfs:dir r_dir_perms;
-allow domain_deprecated selinuxfs:file r_file_perms;
-userdebug_or_eng(`
-auditallow {
- domain_deprecated
- -appdomain
- -installd
- -keystore
- -postinstall_dexopt
- -runas
- -servicemanager
- -system_server
- -ueventd
- -zygote
-} selinuxfs:dir { open getattr read ioctl lock }; # search granted in domain
-auditallow {
- domain_deprecated
- -appdomain
- -installd
- -keystore
- -postinstall_dexopt
- -runas
- -servicemanager
- -system_server
- -ueventd
- -zygote
-} selinuxfs:file { open read ioctl lock }; # getattr granted in domain
-')
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 503f359..4f66ffb 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -1,5 +1,5 @@
# dumpstate
-type dumpstate, domain, domain_deprecated, mlstrustedsubject;
+type dumpstate, domain, mlstrustedsubject;
type dumpstate_exec, exec_type, file_type;
net_domain(dumpstate)
diff --git a/public/fingerprintd.te b/public/fingerprintd.te
index 57cde1d..5dd18a3 100644
--- a/public/fingerprintd.te
+++ b/public/fingerprintd.te
@@ -1,4 +1,4 @@
-type fingerprintd, domain, domain_deprecated;
+type fingerprintd, domain;
type fingerprintd_exec, exec_type, file_type;
binder_use(fingerprintd)
diff --git a/public/fsck.te b/public/fsck.te
index 8f3b17a..b682a87 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -1,5 +1,5 @@
# Any fsck program run by init
-type fsck, domain, domain_deprecated;
+type fsck, domain;
type fsck_exec, exec_type, file_type;
# /dev/__null__ created by init prior to policy load,
diff --git a/public/fsck_untrusted.te b/public/fsck_untrusted.te
index a9dd805..e2aceb8 100644
--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -1,5 +1,5 @@
# Any fsck program run on untrusted block devices
-type fsck_untrusted, domain, domain_deprecated;
+type fsck_untrusted, domain;
# Inherit and use pty created by android_fork_execvp_ext().
allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
diff --git a/public/installd.te b/public/installd.te
index 359356a..939a481 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -1,5 +1,5 @@
# installer daemon
-type installd, domain, domain_deprecated;
+type installd, domain;
type installd_exec, exec_type, file_type;
typeattribute installd mlstrustedsubject;
allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };
diff --git a/public/keystore.te b/public/keystore.te
index 2c31185..ee5e675 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -1,4 +1,4 @@
-type keystore, domain, domain_deprecated;
+type keystore, domain;
type keystore_exec, exec_type, file_type;
# keystore daemon
diff --git a/public/mtp.te b/public/mtp.te
index 0ca7cea..a776240 100644
--- a/public/mtp.te
+++ b/public/mtp.te
@@ -1,5 +1,5 @@
# vpn tunneling protocol manager
-type mtp, domain, domain_deprecated;
+type mtp, domain;
type mtp_exec, exec_type, file_type;
net_domain(mtp)
diff --git a/public/netd.te b/public/netd.te
index 1694aec..691887f 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -1,5 +1,5 @@
# network manager
-type netd, domain, domain_deprecated, mlstrustedsubject;
+type netd, domain, mlstrustedsubject;
type netd_exec, exec_type, file_type;
net_domain(netd)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index f0df6a0..bfb8693 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -4,7 +4,6 @@
userdebug_or_eng(`
- typeattribute perfprofd domain_deprecated;
typeattribute perfprofd coredomain;
typeattribute perfprofd mlstrustedsubject;
diff --git a/public/ppp.te b/public/ppp.te
index 918ef5e..04e17f5 100644
--- a/public/ppp.te
+++ b/public/ppp.te
@@ -1,5 +1,5 @@
# Point to Point Protocol daemon
-type ppp, domain, domain_deprecated;
+type ppp, domain;
type ppp_device, dev_type;
type ppp_exec, exec_type, file_type;
diff --git a/public/radio.te b/public/radio.te
index f5604fd..87329d9 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -1,5 +1,5 @@
# phone subsystem
-type radio, domain, domain_deprecated, mlstrustedsubject;
+type radio, domain, mlstrustedsubject;
net_domain(radio)
bluetooth_domain(radio)
diff --git a/public/recovery.te b/public/recovery.te
index f0ac97d..f55dc8a 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -2,7 +2,7 @@
# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
-type recovery, domain, domain_deprecated;
+type recovery, domain;
# But the allow rules are only included in the recovery policy.
# Otherwise recovery is only allowed the domain rules.
diff --git a/public/rild.te b/public/rild.te
index e4b0186..14420df 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,5 @@
# rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain;
hal_server_domain(rild, hal_telephony)
net_domain(rild)
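Review bot: The new `type rild, domain;` line drops every permission that the deleted domain_deprecated.te granted (system_file:dir open/read, proc, sysfs and cgroup reads, ion_device), and that file's auditallow exclusion lists name rild explicitly for system_file:dir, proc:file, proc:lnk_file, sysfs:dir/file/lnk_file and cgroup, which means those accesses had already been observed from rild, not merely permitted. Unless the rest of rild.te (outside this hunk) or the vendor policy grants them, the Marlin boot should show new denials with scontext=u:r:rild:s0 rather than a clean log, so the stated test is better phrased as "verify rild and tee are not denied any of these permissions" and checked with the audit log filtered on those two contexts. tee sits on the same exclusion lists (system_data_file, ion_device, sysfs) and its .te is not in this chunk.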
diff --git a/public/runas.te b/public/runas.te
index 046165d..cda02ef 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -1,4 +1,4 @@
-type runas, domain, domain_deprecated, mlstrustedsubject;
+type runas, domain, mlstrustedsubject;
type runas_exec, exec_type, file_type;
allow runas adbd:process sigchld;
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 3cb69be..47a2f80 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -1,4 +1,4 @@
-type sdcardd, domain, domain_deprecated;
+type sdcardd, domain;
type sdcardd_exec, exec_type, file_type;
allow sdcardd cgroup:dir create_dir_perms;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 9794b0b..91cf44d 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -1,5 +1,5 @@
# Process which creates/updates shared RELRO files to be used by other apps.
-type shared_relro, domain, domain_deprecated;
+type shared_relro, domain;
# Grant write access to the shared relro files/directory.
allow shared_relro shared_relro_file:dir rw_dir_perms;
diff --git a/public/ueventd.te b/public/ueventd.te
index 8ec667e..4c77e11 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -1,6 +1,6 @@
# ueventd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
-type ueventd, domain, domain_deprecated;
+type ueventd, domain;
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
diff --git a/public/uncrypt.te b/public/uncrypt.te
index ef1289c..7ae7d39 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -1,5 +1,5 @@
# uncrypt
-type uncrypt, domain, domain_deprecated, mlstrustedsubject;
+type uncrypt, domain, mlstrustedsubject;
type uncrypt_exec, exec_type, file_type;
allow uncrypt self:capability dac_override;
diff --git a/public/update_engine.te b/public/update_engine.te
index 69ee7c8..b8f0035 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -1,5 +1,5 @@
# Domain for update_engine daemon.
-type update_engine, domain, domain_deprecated, update_engine_common;
+type update_engine, domain, update_engine_common;
type update_engine_exec, exec_type, file_type;
net_domain(update_engine);
diff --git a/public/vold.te b/public/vold.te
index 20181d1..81ee28c 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -1,5 +1,5 @@
# volume manager
-type vold, domain, domain_deprecated;
+type vold, domain;
type vold_exec, exec_type, file_type;
# Read already opened /cache files.