Move domain_deprecated into private policy

This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b

Move domain_deprecated into private policy
76aab82c · Jeff Vander Stoep · 2dd9ae33 · 76aab82c · 76aab82c · 76aab82c
Commit 76aab82c authored 8 years ago by Jeff Vander Stoep
--- a/private/ueventd.te
+++ b/private/ueventd.te
 typeattribute ueventd coredomain;
+typeattribute ueventd domain_deprecated;
 tmpfs_domain(ueventd)
--- a/private/uncrypt.te
+++ b/private/uncrypt.te
 typeattribute uncrypt coredomain;
+typeattribute uncrypt domain_deprecated;
 init_daemon_domain(uncrypt)
--- a/private/update_engine.te
+++ b/private/update_engine.te
 typeattribute update_engine coredomain;
+typeattribute update_engine domain_deprecated;
 init_daemon_domain(update_engine);
--- a/private/vold.te
+++ b/private/vold.te
 typeattribute vold coredomain;
+typeattribute vold domain_deprecated;
 init_daemon_domain(vold)

--- a/public/attributes
+++ b/public/attributes
@@ -10,16 +10,6 @@ attribute dev_type;
 # All types used for processes.
 attribute domain;
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;
 # All types used for filesystems.
 # On change, update CHECK_FC_ASSERT_ATTRS
 # definition in tools/checkfc.c.

--- a/public/clatd.te
+++ b/public/clatd.te
 # 464xlat daemon
-type clatd, domain, domain_deprecated;
+type clatd, domain;
 type clatd_exec, exec_type, file_type;
 net_domain(clatd)

--- a/public/dex2oat.te
+++ b/public/dex2oat.te
 # dex2oat
-type dex2oat, domain, domain_deprecated;
+type dex2oat, domain;
 type dex2oat_exec, exec_type, file_type;
 r_dir_file(dex2oat, apk_data_file)

--- a/public/dhcp.te
+++ b/public/dhcp.te
-type dhcp, domain, domain_deprecated;
+type dhcp, domain;
 type dhcp_exec, exec_type, file_type;
 net_domain(dhcp)

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
 # dumpstate
-type dumpstate, domain, domain_deprecated, mlstrustedsubject;
+type dumpstate, domain, mlstrustedsubject;
 type dumpstate_exec, exec_type, file_type;
 net_domain(dumpstate)

--- a/public/fingerprintd.te
+++ b/public/fingerprintd.te
-type fingerprintd, domain, domain_deprecated;
+type fingerprintd, domain;
 type fingerprintd_exec, exec_type, file_type;
 binder_use(fingerprintd)

--- a/public/fsck.te
+++ b/public/fsck.te
 # Any fsck program run by init
-type fsck, domain, domain_deprecated;
+type fsck, domain;
 type fsck_exec, exec_type, file_type;
 # /dev/__null__ created by init prior to policy load,

--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
 # Any fsck program run on untrusted block devices
-type fsck_untrusted, domain, domain_deprecated;
+type fsck_untrusted, domain;
 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck_untrusted devpts:chr_file { read write ioctl getattr };

--- a/public/installd.te
+++ b/public/installd.te
 # installer daemon
-type installd, domain, domain_deprecated;
+type installd, domain;
 type installd_exec, exec_type, file_type;
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };

--- a/public/keystore.te
+++ b/public/keystore.te
-type keystore, domain, domain_deprecated;
+type keystore, domain;
 type keystore_exec, exec_type, file_type;
 # keystore daemon

--- a/public/mtp.te
+++ b/public/mtp.te
 # vpn tunneling protocol manager
-type mtp, domain, domain_deprecated;
+type mtp, domain;
 type mtp_exec, exec_type, file_type;
 net_domain(mtp)

--- a/public/netd.te
+++ b/public/netd.te
 # network manager
-type netd, domain, domain_deprecated, mlstrustedsubject;
+type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 net_domain(netd)

--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -4,7 +4,6 @@ type perfprofd_exec, exec_type, file_type;
 userdebug_or_eng(`
-  typeattribute perfprofd domain_deprecated;
  typeattribute perfprofd coredomain;
  typeattribute perfprofd mlstrustedsubject;

--- a/public/ppp.te
+++ b/public/ppp.te
 # Point to Point Protocol daemon
-type ppp, domain, domain_deprecated;
+type ppp, domain;
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;

--- a/public/radio.te
+++ b/public/radio.te
 # phone subsystem
-type radio, domain, domain_deprecated, mlstrustedsubject;
+type radio, domain, mlstrustedsubject;
 net_domain(radio)
 bluetooth_domain(radio)

--- a/public/recovery.te
+++ b/public/recovery.te
@@ -2,7 +2,7 @@
 # Declare the domain unconditionally so we can always reference it
 # in neverallow rules.
-type recovery, domain, domain_deprecated;
+type recovery, domain;
 # But the allow rules are only included in the recovery policy.
 # Otherwise recovery is only allowed the domain rules.