Clarify init_shell, shell, and su domain usage.

init_shell domain is now only used for shell commands or scripts invoked by init*.rc files, never for an interactive shell. It was being used for console service for a while but console service is now assigned shell domain via seclabel in init.rc. We may want to reconsider the shelldomain rules for init_shell and whether they are still appropriate. shell domain is now used by both adb shell and console service, both of which also run in the shell UID. su domain is now used not only for /system/bin/su but also for adbd and its descendants after an adb root is performed. Change-Id: I502ab98aafab7dafb8920ccaa25e8fde14a8f572 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Clarify init_shell, shell, and su domain usage.
b3cb9695 · Stephen Smalley · b73d321a · b3cb9695 · b3cb9695 · b3cb9695
Commit b3cb9695 authored 11 years ago by Stephen Smalley
--- a/init_shell.te
+++ b/init_shell.te
-# Restricted domain for shell processes spawned by init
+# Restricted domain for shell processes spawned by init.
+# Normally these are shell commands or scripts invoked via sh
+# from an init*.rc file.  No service should ever run in this domain.
 type init_shell, domain, shelldomain;
 domain_auto_trans(init, shell_exec, init_shell)
 unconfined_domain(init_shell)

--- a/shell.te
+++ b/shell.te
-# Domain for shell processes spawned by ADB
+# Domain for shell processes spawned by ADB or console service.
 type shell, domain, shelldomain, mlstrustedsubject;
 type shell_exec, exec_type, file_type;


--- a/su.te
+++ b/su.te
@@ -2,6 +2,9 @@
 type su_exec, exec_type, file_type;

 userdebug_or_eng(`
+  # Domain used for su processes, as well as for adbd and adb shell
+  # after performing an adb root command.  The domain definition is
+  # wrapped to ensure that it does not exist at all on -user builds.
  type su, domain;
  domain_auto_trans(shell, su_exec, su)