From 60e538377a4694c748bc2c8ac268c773f7889b9c Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 1 Sep 2017 16:58:23 +0000
Subject: [PATCH] Revert "Add screencap domain."
This reverts commit f27bba93d1559c22c0c07f8e0bec4e4e5945e230.
Bug: 65206688
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf
---
 private/adbd.te | 13 +++++++++----
 private/app.te | 4 +---
 private/compat/26.0/26.0.ignore.cil | 4 +---
 private/dumpstate.te | 4 ----
 private/file_contexts | 1 -
 private/screencap.te | 26 --------------------------
 private/shell.te | 4 ----
 private/surfaceflinger.te | 1 -
 public/dumpstate.te | 3 +++
 9 files changed, 14 insertions(+), 46 deletions(-)
 delete mode 100644 private/screencap.te
diff --git a/private/adbd.te b/private/adbd.te
index d28b836f1..47a6cbd8c 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -65,9 +65,14 @@ get_prop(adbd, serialno_prop)
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;
-# Use screencap
-domain_auto_trans(adbd, screencap_exec, screencap)
-allow adbd screencap:process signal;
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
 # Needed for various screenshots
 hal_client_domain(adbd, hal_graphics_allocator)
@@ -134,5 +139,5 @@ allow adbd rootfs:dir r_dir_perms;
 # No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
 # transitions to the shell domain (except when it crashes). In particular, we
 # never want to see a transition from adbd to su (aka "adb root")
-neverallow adbd { domain -crash_dump -shell -screencap }:process transition;
+neverallow adbd { domain -crash_dump -shell }:process transition;
 neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
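Review bot: The restored `allow adbd gpu_device:chr_file rw_file_perms;` and `allow adbd ion_device:chr_file rw_file_perms;` in the first adbd.te hunk put GPU and ION device access in adbd itself, the daemon on the other end of the debug connection, and the only explanation left in the policy is `# b/13188914`. From the surrounding comment these grants appear to exist so that screencap can run inside adbd's domain, so I would say that and tie them to the bug in this commit's trailer, e.g. `# screencap runs in the adbd domain; drop these when it gets its own domain again (b/65206688)`. `r_dir_file(adbd, system_file)` likewise comes back with no reason attached; a one-line comment naming what is read would make a later audit easier. The commit message gives only the reverted hash, so a sentence on why the separate domain had to go would help judge how long the wider grant is meant to stay.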
diff --git a/private/app.te b/private/app.te
index 068f09539..9251ed9cb 100644
--- a/private/app.te
+++ b/private/app.te
@@ -409,9 +409,7 @@ neverallow appdomain { domain -appdomain }:file write;
 # sigchld allowed for parent death notification.
 # signull allowed for kill(pid, 0) existence test.
 # All others prohibited.
-neverallow { appdomain -shell } { domain -appdomain }:process
- { sigkill sigstop signal };
-neverallow shell { domain -appdomain -screencap }:process
+neverallow appdomain { domain -appdomain }:process
 { sigkill sigstop signal };
 # Transition to a non-app domain.
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index a517b9605..9e1eb9775 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -31,6 +31,4 @@
 ;; Thus, these types are also not mapped, but recorded for checkapi tests
 (typeattribute priv_objects)
 (typeattributeset priv_objects
- ( adbd_tmpfs
- screencap
- screencap_exec ))
+ ( adbd_tmpfs ))
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a2f4e258a..0fe2adfc6 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -24,7 +24,3 @@ binder_call(dumpstate, storaged)
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
-
-# Use screencap
-domain_auto_trans(dumpstate, screencap_exec, screencap)
-allow dumpstate screencap:process signal;
diff --git a/private/file_contexts b/private/file_contexts
index 8804352e0..536975894 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -212,7 +212,6 @@
 /system/bin/mediametrics u:object_r:mediametrics_exec:s0
 /system/bin/cameraserver u:object_r:cameraserver_exec:s0
 /system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
-/system/bin/screencap u:object_r:screencap_exec:s0
 /system/bin/mdnsd u:object_r:mdnsd_exec:s0
 /system/bin/installd u:object_r:installd_exec:s0
 /system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
diff --git a/private/screencap.te b/private/screencap.te
deleted file mode 100644
index 579373aa6..000000000
--- a/private/screencap.te
+++ /dev/null
@@ -1,26 +0,0 @@
-type screencap, domain;
-type screencap_exec, exec_type, file_type;
-
-typeattribute screencap coredomain;
-
-allow screencap gpu_device:chr_file rw_file_perms;
-allow screencap ion_device:chr_file rw_file_perms;
-
-allow screencap adbd:fifo_file write;
-allow screencap adbd:fd use;
-allow screencap adbd:unix_stream_socket { read write };
-
-allow screencap shell_data_file:file write;
-allow screencap shell:fd use;
-allow screencap shell:unix_stream_socket { read write };
-
-allow screencap dumpstate:fd use;
-allow screencap dumpstate:unix_stream_socket { read write };
-
-binder_use(screencap)
-binder_call(screencap, surfaceflinger)
-allow screencap surfaceflinger_service:service_manager find;
-allow screencap surfaceflinger:fd use;
-
-hwbinder_use(screencap)
-hal_client_domain(screencap, hal_graphics_allocator)
diff --git a/private/shell.te b/private/shell.te
index 095dc4391..5299532ac 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -26,7 +26,3 @@ binder_call(shell, storaged)
 # Perform SELinux access checks, needed for CTS
 selinux_check_access(shell)
 selinux_check_context(shell)
-
-# Use screencap
-domain_auto_trans(shell, screencap_exec, screencap)
-allow shell screencap:process signal;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 7184fbcc7..b33035e8e 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -21,7 +21,6 @@ binder_use(surfaceflinger)
 binder_call(surfaceflinger, binderservicedomain)
 binder_call(surfaceflinger, appdomain)
 binder_call(surfaceflinger, bootanim)
-binder_call(surfaceflinger, screencap)
 binder_service(surfaceflinger)
 # Binder IPC to bu, presently runs in adbd domain.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3e977311f..f6d6a0a69 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -142,6 +142,9 @@ allow dumpstate bluetooth_data_file:dir search;
 allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
 allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
 # logd access
 read_logd(dumpstate)
 control_logd(dumpstate)
-- 
GitLab
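Review bot: dumpstate gets `gpu_device` back here but not `ion_device`, while the same revert restores both for adbd in private/adbd.te and the deleted screencap domain also held both. If no rule outside this hunk gives dumpstate `ion_device:chr_file` access, the screenshot step of a bug report may hit a denial once screencap runs in the dumpstate domain again; I would check the audit log for avc denials after this lands, or extend the comment to say why GPU access alone suffices. Because the rule sits in public/ policy, a note such as `# Temporary: remove when screencap has its own domain again (b/65206688)` would also keep it from being treated as permanent.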