From 1d0bb522217f6b4e5ade5221434681490910fabd Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 15 May 2017 12:04:46 -0700
Subject: [PATCH] DO NOT MERGE: domain.te: Drop appdomain transition neverallow
 assertion

Commit c5266df925169b959977d3fa03b4b369253db837 (Android 7.1) introduced
a new neverallow rule which required that the only way you could become
an appdomain was to have been spawned from zygote or run-as.

  # Only domains spawned from zygote and runas may have the appdomain attribute.
  neverallow { domain -runas -zygote } {
    appdomain -shell userdebug_or_eng(`-su')
    }:process { transition dyntransition };

This change was backported to Android 7.0 in commit
eedacf8341aaa127411f246a653c618d9dde4f5e as part of the relaxation of
another neverallow rule.

As a general rule, the introduction of new neverallow rules in older
Android releases causes pain and unscheduled engineering work for our
partners. As a result, we try to avoid making such changes.

Partially revert eedacf8341aaa127411f246a653c618d9dde4f5e, specifically
the part that introduced a new neverallow rule. This revert is intended
for Android 7.0 ONLY, and should not be applied to newer Android
releases.

Bug: 37418998
Change-Id: I4c2eb30000b230d22d8dbc3b1309a5b63f9f95c9
---
 domain.te | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/domain.te b/domain.te
index a853b3a3d..2fae728dd 100644
--- a/domain.te
+++ b/domain.te
@@ -483,11 +483,6 @@ neverallow {
   -zygote
 } shell:process { transition dyntransition };
 
-# Only domains spawned from zygote and runas may have the appdomain attribute.
-neverallow { domain -runas -zygote } {
-  appdomain -shell userdebug_or_eng(`-su') -bluetooth
-}:process { transition dyntransition };
-
 # Minimize read access to shell- or app-writable symlinks.
 # This is to prevent malicious symlink attacks.
 neverallow {
-- 
GitLab