From 396015c3952bcbd5678dc20d5e5e4407cf6a4d4a Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 7 Jan 2014 12:47:10 -0500
Subject: [PATCH] Remove ping domain.

ping in Android no longer requires any additional privileges beyond
the caller.  Drop the ping domain and executable file type entirely.

Also add net_domain() to shell domain so that it can create and
use network sockets.

Change-Id: If51734abe572aecf8f510f1a55782159222e5a67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te        |  3 +--
 file_contexts |  1 -
 ping.te       | 17 -----------------
 shell.te      |  3 +++
 shell_user.te |  3 +++
 5 files changed, 7 insertions(+), 20 deletions(-)
 delete mode 100644 ping.te

diff --git a/app.te b/app.te
index 02e3f11aa..7d4acfb70 100644
--- a/app.te
+++ b/app.te
@@ -67,7 +67,6 @@ allow appdomain system_data_file:file { execute execute_no_trans open };
 # Execute the shell or other system executables.
 allow appdomain shell_exec:file rx_file_perms;
 allow appdomain system_file:file rx_file_perms;
-allow appdomain ping_exec:file rx_file_perms;
 
 # Read/write wallpaper file (opened by system).
 allow appdomain wallpaper_file:file { read write };
@@ -268,7 +267,7 @@ neverallow { appdomain -unconfineddomain } { domain -appdomain }:process
     { sigkill sigstop signal };
 
 # Transition to a non-app domain.
-# Exception for the shell domain, can transition to runas, ping, etc.
+# Exception for the shell domain, can transition to runas, etc.
 neverallow { appdomain -shell -unconfineddomain } ~appdomain:process
     { transition dyntransition };
 
diff --git a/file_contexts b/file_contexts
index 817c0e021..6c530a66e 100644
--- a/file_contexts
+++ b/file_contexts
@@ -142,7 +142,6 @@
 /system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0
 /system/xbin/su		u:object_r:su_exec:s0
 /system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
-/system/bin/ping    u:object_r:ping_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
diff --git a/ping.te b/ping.te
deleted file mode 100644
index 20ec97a25..000000000
--- a/ping.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type ping, domain;
-permissive ping;
-type ping_exec, exec_type, file_type;
-domain_auto_trans(shell, ping_exec, ping)
-domain_auto_trans(dumpstate, ping_exec, ping)
-
-allow ping self:capability net_raw;
-allow ping self:rawip_socket create_socket_perms;
-allow ping self:udp_socket create_socket_perms;
-allow ping node:rawip_socket node_bind;
-allow ping dnsproxyd_socket:sock_file write;
-allow ping netd:unix_stream_socket connectto;
-allow ping devpts:chr_file rw_file_perms;
-allow ping shell:fd use;
-
-allow ping dumpstate:fd use;
-allow ping dumpstate:unix_stream_socket { read write };
diff --git a/shell.te b/shell.te
index 9fd7c6d30..18c1dfc22 100644
--- a/shell.te
+++ b/shell.te
@@ -2,6 +2,9 @@
 type shell, domain, shelldomain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;
 
+# Create and use network sockets.
+net_domain(shell)
+
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)
diff --git a/shell_user.te b/shell_user.te
index 27a5cd095..ad30802c7 100644
--- a/shell_user.te
+++ b/shell_user.te
@@ -2,6 +2,9 @@
 type shell, domain, shelldomain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;
 
+# Create and use network sockets.
+net_domain(shell)
+
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)
-- 
GitLab