Merge "Revert "Relax neverallows for vendor to use /system/bin/sh"" into main am: bbff9f5ea1 am: dd1b00fa71

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967124

Change-Id: I8459b5ec502d4c89e1d7dece37c8ed8272e71715
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/public/domain.te b/public/domain.te
index 755b4b2..e27da4f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -924,9 +924,6 @@
         -crash_dump_exec
         -netutils_wrapper_exec
         userdebug_or_eng(`-tcpdump_exec')
-        # Vendor components still can invoke shell commands via /system/bin/sh
-        -shell_exec
-        -toolbox_exec
     }:file { entrypoint execute execute_no_trans };
 ')
 
@@ -1007,9 +1004,6 @@
     -task_profiles_api_file
     -task_profiles_file
     userdebug_or_eng(`-tcpdump_exec')
-    # Vendor components still can invoke shell commands via /system/bin/sh
-    -shell_exec
-    -toolbox_exec
   }:file *;
 ')
 
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 6730c32..621a0b8 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -85,13 +85,7 @@
   halserverdomain
   -hal_dumpstate_server
   -hal_telephony_server
-} {
-  file_type
-  fs_type
-  # May invoke shell commands via /system/bin/sh
-  -shell_exec
-  -toolbox_exec
-}:file execute_no_trans;
+} { file_type fs_type }:file execute_no_trans;
 # Do not allow a process other than init to transition into a HAL domain.
 neverallow { domain -init } halserverdomain:process transition;
 # Only allow transitioning to a domain by running its executable. Do not
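Review bot: The restored `} { file_type fs_type }:file execute_no_trans;` leaves no record in the hunk that the `shell_exec`/`toolbox_exec` exemption was deliberately withdrawn, which makes it easy to reintroduce later. A neverallow is asserted when the policy is compiled, not enforced at runtime. Any HAL policy that gained an `execute_no_trans` allow on `shell_exec` or `toolbox_exec` while the relaxation was in place will therefore stop compiling, so it is worth confirming none exist before this propagates. I would add a line directly above the target set such as `# No shell_exec/toolbox_exec exemption: a HAL that needs a helper must run it in its own domain via a transition.` The rule's opening `neverallow {` and any header comment sit above the hunk, so this may overlap with text already there; the same exemption is removed in both hunks of public/domain.te.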