Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev

am: b5aeaf6d Change-Id: Ib0ac9cf10c7cb9fd2462e0036307e2552d19b93b

Merge "Add extraneous neverallow rule to enforce attribute inclusion." into oc-dev
2f2fd365 · Dan Cashman · android-build-merger · d4faa3ce · b5aeaf6d · 2f2fd365
Commit 2f2fd365 authored 7 years ago by Dan Cashman Committed by android-build-merger 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -499,6 +499,7 @@ neverallow {
  -recovery
  -ueventd
 } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+neverallow hal_bootctl unlabeled:service_manager list; #TODO: b/62658302

 # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
 neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
@@ -557,6 +558,7 @@ full_treble_only(`
    -appdomain
    -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
  } servicemanager:binder { call transfer };
+  neverallow binder_in_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302
 ')

 # On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
@@ -615,6 +617,7 @@ full_treble_only(`
    -incidentd # TODO(b/35870313): Remove incidentd from this list once vendor domains no longer declare Binder services
    -tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
  });
+  neverallow socket_between_core_and_vendor_violators unlabeled:service_manager list ; #TODO: b/62658302

  # Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
  neverallow_establish_socket_comms({
@@ -646,6 +649,10 @@ full_treble_only(`
    -pdx_endpoint_socket_type # used by VR layer
    -pdx_channel_socket_type # used by VR layer
  }:sock_file ~{ append getattr ioctl read write };
+  neverallow {
+    pdx_endpoint_socket_type
+    pdx_channel_socket_type
+  } unlabeled:service_manager list; #TODO: b/62658302

  # Core domains are not permitted to create/open sockets owned by vendor domains
  neverallow {
@@ -730,6 +737,7 @@ full_treble_only(`
        -crash_dump_exec
        -netutils_wrapper_exec
    }:file { entrypoint execute execute_no_trans };
+    neverallow vendor_executes_system_violators unlabeled:service_manager list; #TODO: b/62658302
 ')

 # Only authorized processes should be writing to files in /data/dalvik-cache

--- a/public/te_macros
+++ b/public/te_macros
@@ -550,6 +550,7 @@ define(`use_drmservice', `
 define(`add_service', `
  allow $1 $2:service_manager { add find };
  neverallow { domain -$1 } $2:service_manager add;
+  neverallow $1 unlabeled:service_manager add; #TODO: b/62658302
 ')

 ###########################################
@@ -561,6 +562,7 @@ define(`add_hwservice', `
  allow $1 $2:hwservice_manager { add find };
  allow $1 hidl_base_hwservice:hwservice_manager add;
  neverallow { domain -$1 } $2:hwservice_manager add;
+  neverallow $1 unlabeled:hwservice_manager add; #TODO: b/62658302
 ')

 ##########################################