Move domain_deprecated into private policy

This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Merged-In: I31beeb5bdf3885195310b086c1af3432dc6a349b Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b (cherry picked from commit 76aab82c)

Move domain_deprecated into private policy
7c34e83f · Jeff Vander Stoep · 83f8cde4 · 7c34e83f · 7c34e83f · 7c34e83f
Commit 7c34e83f authored 7 years ago by Jeff Vander Stoep
--- a/private/attributes
+++ b/private/attributes
+# Temporary attribute used for migrating permissions out of domain.
+# Motivation: Domain is overly permissive. Start removing permissions
+# from domain and assign them to the domain_deprecated attribute.
+# Domain_deprecated and domain can initially be assigned to all
+# domains. The goal is to not assign domain_deprecated to new domains
+# and to start removing domain_deprecated where it's not required or
+# reassigning the appropriate permissions to the inheriting domain
+# when necessary.
+attribute domain_deprecated;
--- a/private/clatd.te
+++ b/private/clatd.te
 typeattribute clatd coredomain;
+typeattribute clatd domain_deprecated;
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
 typeattribute dex2oat coredomain;
+typeattribute dex2oat domain_deprecated;
--- a/private/dhcp.te
+++ b/private/dhcp.te
 typeattribute dhcp coredomain;
+typeattribute dhcp domain_deprecated;
 init_daemon_domain(dhcp)
 type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -37,7 +37,6 @@ auditallow {
  domain_deprecated
  -fsck
  -fsck_untrusted
-  -rild
  -sdcardd
  -system_server
  -update_engine
@@ -47,7 +46,6 @@ auditallow {
  domain_deprecated
  -fsck
  -fsck_untrusted
-  -rild
  -system_server
  -vold
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
@@ -56,7 +54,6 @@ auditallow {
  -fingerprintd
  -healthd
  -netd
-  -rild
  -recovery
  -system_app
  -surfaceflinger
@@ -70,7 +67,6 @@ auditallow {
  -fingerprintd
  -healthd
  -netd
-  -rild
  -recovery
  -system_app
  -surfaceflinger
@@ -84,7 +80,6 @@ auditallow {
  -fingerprintd
  -healthd
  -netd
-  -rild
  -recovery
  -system_app
  -surfaceflinger

--- a/private/dumpstate.te
+++ b/private/dumpstate.te
 typeattribute dumpstate coredomain;
+typeattribute dumpstate domain_deprecated;
 init_daemon_domain(dumpstate)

--- a/private/fingerprintd.te
+++ b/private/fingerprintd.te
 typeattribute fingerprintd coredomain;
+typeattribute fingerprintd domain_deprecated;
 init_daemon_domain(fingerprintd)
--- a/private/fsck.te
+++ b/private/fsck.te
 typeattribute fsck coredomain;
+typeattribute fsck domain_deprecated;
 init_daemon_domain(fsck)
--- a/private/fsck_untrusted.te
+++ b/private/fsck_untrusted.te
 typeattribute fsck_untrusted coredomain;
+typeattribute fsck_untrusted domain_deprecated;
--- a/private/installd.te
+++ b/private/installd.te
 typeattribute installd coredomain;
+typeattribute installd domain_deprecated;
 init_daemon_domain(installd)

--- a/private/keystore.te
+++ b/private/keystore.te
 typeattribute keystore coredomain;
+typeattribute keystore domain_deprecated;
 init_daemon_domain(keystore)
--- a/private/mtp.te
+++ b/private/mtp.te
 typeattribute mtp coredomain;
+typeattribute mtp domain_deprecated;
 init_daemon_domain(mtp)
--- a/private/netd.te
+++ b/private/netd.te
 typeattribute netd coredomain;
+typeattribute netd domain_deprecated;
 init_daemon_domain(netd)

--- a/private/perfprofd.te
+++ b/private/perfprofd.te
 userdebug_or_eng(`
  typeattribute perfprofd coredomain;
+  typeattribute perfprofd domain_deprecated;
  init_daemon_domain(perfprofd)
 ')
--- a/private/ppp.te
+++ b/private/ppp.te
 typeattribute ppp coredomain;
+typeattribute ppp domain_deprecated;
 domain_auto_trans(mtp, ppp_exec, ppp)
--- a/private/radio.te
+++ b/private/radio.te
 typeattribute radio coredomain;
+typeattribute radio domain_deprecated;
 app_domain(radio)

--- a/private/recovery.te
+++ b/private/recovery.te
 typeattribute recovery coredomain;
+typeattribute recovery domain_deprecated;
--- a/private/runas.te
+++ b/private/runas.te
 typeattribute runas coredomain;
+typeattribute runas domain_deprecated;
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)
--- a/private/sdcardd.te
+++ b/private/sdcardd.te
 typeattribute sdcardd coredomain;
+typeattribute sdcardd domain_deprecated;
 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
--- a/private/shared_relro.te
+++ b/private/shared_relro.te
 typeattribute shared_relro coredomain;
+typeattribute shared_relro domain_deprecated;
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.