am a730e50b: Don\'t allow zygote init:binder call

* commit 'a730e50b': Don't allow zygote init:binder call

am a730e50b: Don\'t allow zygote init:binder call
53c03f1b · Nick Kralevich · Android Git Automerger · badf49d0 · a730e50b · 53c03f1b
Commit 53c03f1b authored 11 years ago by Nick Kralevich Committed by Android Git Automerger 11 years ago
--- a/domain.te
+++ b/domain.te
@@ -166,3 +166,7 @@ neverallow { domain -init } proc_security:file { append write };
 # No domain should be allowed to ptrace init.
 neverallow domain init:process ptrace;
+# Init can't receive binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow domain init:binder call;
--- a/unconfined.te
+++ b/unconfined.te
@@ -38,5 +38,5 @@ allow unconfineddomain netif_type:netif *;
 allow unconfineddomain port_type:socket_class_set name_bind;
 allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;
 allow unconfineddomain domain:peer recv;
-allow unconfineddomain domain:binder { call transfer set_context_mgr };
+allow unconfineddomain { domain -init }:binder { call transfer set_context_mgr };
 allow unconfineddomain property_type:property_service set;
--- a/zygote.te
+++ b/zygote.te
@@ -47,7 +47,6 @@ allow zygote zygote_exec:file { execute_no_trans open };
 # handle bugreports b/10498304
 allow zygote ashmem_device:chr_file execute;
-allow zygote init:binder call;
 allow zygote shell_data_file:file { write getattr };
 allow zygote system_server:binder { transfer call };
 allow zygote servicemanager:binder { call };