Commit 134c7182 authored by Ian Pedowitz's avatar Ian Pedowitz Committed by android-build-merger

Merge "Revert "Further restrict access to Binder services from vendor"" into oc-dev

am: d7a2f60d

Change-Id: Ifc66292d55f1daea28069cbf63cd70bf96fee74d
parents 3100873f d7a2f60d
...@@ -442,36 +442,19 @@ full_treble_only(` ...@@ -442,36 +442,19 @@ full_treble_only(`
-appdomain -appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} binder_device:chr_file rw_file_perms; } binder_device:chr_file rw_file_perms;
neverallow {
domain
-coredomain
-appdomain # restrictions for vendor apps are declared lower down
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} service_manager_type:service_manager find;
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
# services which can change any time framework/core is updated, breakage is likely.
neverallow {
appdomain
-coredomain
} {
service_manager_type
-app_api_service
-ephemeral_app_api_service
}:service_manager find;
neverallow { neverallow {
domain domain
-coredomain -coredomain
-appdomain -appdomain
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
} servicemanager:binder { call transfer }; } servicemanager:binder { call transfer };
')
## ##
# On full TREBLE devices core android components and vendor components may # On full TREBLE devices core android components and vendor components may
# not directly access each other's data types. All communication must occur # not directly access each other data types. All communication must occur
# over HW binder. Open file descriptors may be passed and read/write/stat # over HW binder. Open file descriptors may be passed and read/write/stat
# operations my be performed on those FDs. Disallow all other operations. # operations my be performed on those FDs. Disallow all other operations.
full_treble_only(` #
# do not allow vendor component access to coredomains data types # do not allow vendor component access to coredomains data types
neverallow { neverallow {
domain domain
...@@ -496,6 +479,7 @@ full_treble_only(` ...@@ -496,6 +479,7 @@ full_treble_only(`
-appdomain -appdomain
-coredata_in_vendor_violators -coredata_in_vendor_violators
} system_data_file:dir ~search; } system_data_file:dir ~search;
') ')
# On full TREBLE devices, socket communications between core components and vendor components are # On full TREBLE devices, socket communications between core components and vendor components are
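Review bot: With the two `service_manager find` neverallows dropped from the first hunk, nothing visible here still constrains which services a vendor app may look up: the surviving `binder_device:chr_file` and `servicemanager:binder { call transfer }` rules both exclude `-appdomain`, and the only rule that covered `appdomain -coredomain` is the one removed. The commit message gives no reason for the revert, so the policy should carry the intent forward with a comment above the remaining rule, for example `# TODO(b/<bug-id>): re-land neverallow on service_manager_type:service_manager find for non-core domains` (the bug id is a placeholder). As rendered, the new side also replaces the `')` line and the second `full_treble_only(` opener with a bare `#`, which appears to merge the binder and data-type rules into one macro block, and it brings back the "each other data types" wording in the comment. The enclosing `full_treble_only` block starts outside the hunk, so the balance of the macro quoting should be confirmed against the full file.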
......