Remove vendor_init from coredomain

vendor_init exists on the system partition, but it is meant to be an extention of init that runs with vendor permissions for executing vendor scripts, therefore it is not meant to be in coredomain. Bug: 62875318 Test: boot walleye Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6

Remove vendor_init from coredomain
70e8f421 · Tom Cherry · fba4a780 · 70e8f421 · 70e8f421 · 70e8f421
Commit 70e8f421 authored 7 years ago by Tom Cherry
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -10,7 +10,6 @@ neverallow {

    # generic access to sysfs_type
    -ueventd
-    -vendor_init
    -vold
 } sysfs_leds:file *;
 ')
--- a/private/domain.te
+++ b/private/domain.te
@@ -25,7 +25,6 @@ full_treble_only(`
  neverallow {
    coredomain
    -vold
-    -vendor_init
  } proc:file no_rw_file_perms;

  # /sys
@@ -34,7 +33,6 @@ full_treble_only(`
    -init
    -ueventd
    -vold
-    -vendor_init
  } sysfs:file no_rw_file_perms;

  # /dev
@@ -43,7 +41,6 @@ full_treble_only(`
    -fsck
    -init
    -ueventd
-    -vendor_init
  } device:{ blk_file file } no_rw_file_perms;

  # debugfs
@@ -52,7 +49,6 @@ full_treble_only(`
    -dumpstate
    -init
    -system_server
-    -vendor_init
  } debugfs:file no_rw_file_perms;

  # tracefs
@@ -65,14 +61,12 @@ full_treble_only(`
    userdebug_or_eng(`-traced_probes')
    -shell
    userdebug_or_eng(`-traceur_app')
-    -vendor_init
  } debugfs_tracing:file no_rw_file_perms;

  # inotifyfs
  neverallow {
    coredomain
    -init
-    -vendor_init
  } inotify:file no_rw_file_perms;

  # pstorefs
@@ -89,7 +83,6 @@ full_treble_only(`
    -recovery_refresh
    -shell
    -system_server
-    -vendor_init
  } pstorefs:file no_rw_file_perms;

  # configfs
@@ -97,7 +90,6 @@ full_treble_only(`
    coredomain
    -init
    -system_server
-    -vendor_init
  } configfs:file no_rw_file_perms;

  # functionfs
@@ -106,13 +98,11 @@ full_treble_only(`
    -adbd
    -init
    -mediaprovider
-    -vendor_init
  }functionfs:file no_rw_file_perms;

  # usbfs and binfmt_miscfs
  neverallow {
    coredomain
    -init
-    -vendor_init
  }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
 ')
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
-typeattribute vendor_init coredomain;
-
 # Creating files on sysfs is impossible so this isn't a threat
 # Sometimes we have to write to non-existent files to avoid conditional
 # init behavior. See b/35303861 for an example.

--- a/public/domain.te
+++ b/public/domain.te
@@ -725,6 +725,7 @@ full_treble_only(`
    -appdomain # appdomain restrictions below
    -data_between_core_and_vendor_violators # b/70393317
    -socket_between_core_and_vendor_violators
+    -vendor_init
  } {
    coredomain_socket
    core_data_file_type
@@ -752,7 +753,6 @@ full_treble_only(`
    -init
    -ueventd
    -socket_between_core_and_vendor_violators
-    -vendor_init
  } {
    file_type
    dev_type
@@ -778,7 +778,6 @@ full_treble_only(`
    -appdomain # TODO(b/34980020) remove exemption for appdomain
    -data_between_core_and_vendor_violators
    -init
-    -vendor_init
    -vold_prepare_subdirs
  } {
    data_file_type
@@ -789,7 +788,6 @@ full_treble_only(`
    -appdomain # TODO(b/34980020) remove exemption for appdomain
    -data_between_core_and_vendor_violators
    -init
-    -vendor_init
    -vold_prepare_subdirs
    } {
      data_file_type
@@ -851,7 +849,6 @@ full_treble_only(`
        userdebug_or_eng(`-perfprofd')
        -postinstall_dexopt
        -system_server
-        -vendor_init
    } vendor_app_file:dir { open read getattr search };

    neverallow {
@@ -864,7 +861,6 @@ full_treble_only(`
        userdebug_or_eng(`-perfprofd')
        -postinstall_dexopt
        -system_server
-        -vendor_init
    } vendor_app_file:{ file lnk_file } r_file_perms;

    # Limit access to /vendor/overlay
@@ -876,7 +872,6 @@ full_treble_only(`
        -installd
        -system_server
        -zygote
-        -vendor_init
    } vendor_overlay_file:dir { getattr open read search };

    neverallow {
@@ -887,7 +882,6 @@ full_treble_only(`
        -installd
        -system_server
        -zygote
-        -vendor_init
    } vendor_overlay_file:{ file lnk_file } r_file_perms;

    # Non-vendor domains are not allowed to file execute shell
@@ -895,7 +889,6 @@ full_treble_only(`
    neverallow {
        coredomain
        -init
-        -vendor_init
        -shell
    } vendor_shell_exec:file { execute execute_no_trans };

@@ -921,7 +914,6 @@ full_treble_only(`
      coredomain
      -init
      -system_executes_vendor_violators
-      -vendor_init
    } {
      vendor_file_type
      -same_process_hal_file
@@ -1231,6 +1223,5 @@ full_treble_only(`
    -ueventd
    -crash_dump
    -perfprofd
-    -vendor_init
  } vendor_file:file { create_file_perms x_file_perms };
 ')
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -38,6 +38,7 @@ coredomainWhitelist = {
        'postinstall_dexopt',
        'recovery',
        'system_server',
+        'vendor_init',
        }
 coredomainWhitelist |= coreAppdomain