From 06b1fd66f3229bdafc5196357c9300175d7934fb Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Thu, 14 Sep 2017 13:19:20 -0600
Subject: [PATCH] Move vdc commands over to Binder.
Use nice clean AIDL instead of dirty sockets.
avc: denied { call } for pid=603 comm="vdc" scontext=u:r:vdc:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=0
Test: vdc cryptfs init_user0
Bug: 13758960
Change-Id: I8b0e63adad8c4c7e2b5e6aca48386d1b371ea6a5
---
 public/vdc.te | 9 +++++++++
 public/vold.te | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/public/vdc.te b/public/vdc.te
index 53d7bbe2c..75a5d1b8a 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -8,16 +8,20 @@ type vdc, domain;
 type vdc_exec, exec_type, file_type;
+# TODO: remove as part of 13758960
 unix_socket_connect(vdc, vold, vold)
 # vdc sends information back to dumpstate when "adb bugreport" is used
+# TODO: remove as part of 13758960
 allow vdc dumpstate:fd use;
 allow vdc dumpstate:unix_stream_socket { read write getattr };
 # vdc information is written to shell owned bugreport files
+# TODO: remove as part of 13758960
 allow vdc shell_data_file:file { write getattr };
 # Why?
+# TODO: remove as part of 13758960
 allow vdc dumpstate:unix_dgram_socket { read write };
 # vdc can be invoked with logwrapper, so let it write to pty
@@ -25,3 +29,8 @@ allow vdc devpts:chr_file rw_file_perms;
 # vdc writes directly to kmsg during the boot process
 allow vdc kmsg_device:chr_file w_file_perms;
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
diff --git a/public/vold.te b/public/vold.te
index b2ffbd356..a74354afd 100644
--- a/public/vold.te
+++ b/public/vold.te
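Review bot: The rules added at the end of public/vdc.te (`binder_use(vdc)`, `binder_call(vdc, vold)` and `allow vdc vold_service:service_manager find;`) open vold's whole Binder service to vdc, because SELinux gates lookup and call per service and cannot restrict which methods a caller reaches. Any narrowing to the commands vdc actually needs has to be a caller check inside vold's service, which this patch does not show and which should be confirmed before merge. The socket rules tagged `TODO: remove as part of 13758960` in the first hunk stay in force, so vdc holds both channels to vold until that cleanup lands. I would make the new comment say so, for example `# vdc talks to vold over Binder; the policy grants the whole service, so vold must check the caller per method`.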
@@ -198,8 +198,8 @@ neverallow { domain -vold -init } vold_data_file:dir *;
 neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
 neverallow { domain -vold -init } restorecon_prop:property_service set;
-# Only system_server can interact with vold over binder
-neverallow { domain -system_server -vold } vold_service:service_manager find;
+# Only system_server and vdc can interact with vold over binder
+neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
 neverallow vold { domain -hal_keymaster
-- 
GitLab
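Review bot: The relaxed rule `neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;` exempts vdc without recording why, and the updated comment only restates the exemption list. The vdc.te comments in this patch say vdc reports back to dumpstate during `adb bugreport`, so vdc is presumably started from more than one context, and every context that can enter the vdc domain can now look up vold's service. I would put the reason and the dependency in the comment, for example `# Only system_server and vdc (vold's command-line client) may look up vold; vold must still authorize each caller`. The hunk ends inside the following `neverallow vold { ... }` rule, which is cut off here.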