From b5853c3b95d21f1dbb0ee58264c2f2804bb3af9e Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Thu, 5 Jan 2017 17:18:32 -0800
Subject: [PATCH] Move system_app policy to private

This leaves only the existence of system_app domain as public API. All other rules are implementation details of this domain's policy and are thus now private.

Test: No change to policy according to sesearch, except for disappearance of all allow rules from system_app_current attribute (as expected).
Bug: 31364497
Change-Id: Ifc7d350ed9749a32b0c38a78ac5f41c819dbdb96
---
 private/system_app.te | 79 ++++++++++++++++++++++++++++++++++++++++
 public/system_app.te | 83 ++++--------------------------------------
 2 files changed, 85 insertions(+), 77 deletions(-)

diff --git a/private/system_app.te b/private/system_app.te
index f6b03053f..367df1f24 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -1 +1,80 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+typeattribute system_app domain_deprecated;
+
 app_domain(system_app)
+net_domain(system_app)
+binder_service(system_app)
+
+# Read and write /data/data subdirectory.
+allow system_app system_app_data_file:dir create_dir_perms;
+allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+# Read and write to /data/misc/user.
+allow system_app misc_user_data_file:dir create_dir_perms;
+allow system_app misc_user_data_file:file create_file_perms;
+
+# Access to vold-mounted storage for measuring free space
+allow system_app mnt_media_rw_file:dir search;
+
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
+# Read icon file.
+allow system_app icon_file:file r_file_perms;
+
+# Write to properties
+set_prop(system_app, bluetooth_prop)
+set_prop(system_app, debug_prop)
+set_prop(system_app, system_prop)
+set_prop(system_app, logd_prop)
+set_prop(system_app, net_radio_prop)
+set_prop(system_app, system_radio_prop)
+set_prop(system_app, log_tag_prop)
+userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
+auditallow system_app net_radio_prop:property_service set;
+auditallow system_app system_radio_prop:property_service set;
+
+# ctl interface
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, ctl_bugreport_prop)
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;
+
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
+allow system_app servicemanager:service_manager list;
+# TODO: scope this down? Too broad?
+allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service }:service_manager find;
+
+allow system_app keystore:keystore_key {
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ user_changed
+};
+
+# /sys access
+r_dir_file(system_app, sysfs_type)
+
+control_logd(system_app)
diff --git a/public/system_app.te b/public/system_app.te
index 9eddf6588..023058ee0 100644
--- a/public/system_app.te
+++ b/public/system_app.te
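Review bot: The `# TODO: scope this down? Too broad?` comment above `allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service }:service_manager find;` is carried over verbatim, and now that the rule is private this file is where it can be narrowed without touching the public API; at minimum the comment should record why those three services are excluded so whoever tightens it later knows what the exclusions protect, e.g. `# TODO: replace the blanket service_manager_type find with the specific services system_app needs; netd, dumpstate and installd are excluded deliberately.` The same applies to the `keystore:keystore_key` block, which grants the full permission set (including `grant`, `duplicate`, `clear_uid`, `reset` and `user_changed`) with no comment on which system-UID app needs each of them. `typeattribute system_app domain_deprecated;` would also benefit from a one-line note that the attribute is, as its name suggests, deprecated and due for removal, since that membership is no longer visible from the public `type` declaration.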
@@ -1,78 +1,7 @@
-#
-# Apps that run with the system UID, e.g. com.android.system.ui,
-# com.android.settings. These are not as privileged as the system
-# server.
-#
-type system_app, domain, domain_deprecated;
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
 
-net_domain(system_app)
-binder_service(system_app)
-
-# Read and write /data/data subdirectory.
-allow system_app system_app_data_file:dir create_dir_perms;
-allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
-
-# Read and write to /data/misc/user.
-allow system_app misc_user_data_file:dir create_dir_perms;
-allow system_app misc_user_data_file:file create_file_perms;
-
-# Access to vold-mounted storage for measuring free space
-allow system_app mnt_media_rw_file:dir search;
-
-# Read wallpaper file.
-allow system_app wallpaper_file:file r_file_perms;
-
-# Read icon file.
-allow system_app icon_file:file r_file_perms;
-
-# Write to properties
-set_prop(system_app, bluetooth_prop)
-set_prop(system_app, debug_prop)
-set_prop(system_app, system_prop)
-set_prop(system_app, logd_prop)
-set_prop(system_app, net_radio_prop)
-set_prop(system_app, system_radio_prop)
-set_prop(system_app, log_tag_prop)
-userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
-auditallow system_app net_radio_prop:property_service set;
-auditallow system_app system_radio_prop:property_service set;
-
-# ctl interface
-set_prop(system_app, ctl_default_prop)
-set_prop(system_app, ctl_bugreport_prop)
-
-# Create /data/anr/traces.txt.
-allow system_app anr_data_file:dir ra_dir_perms;
-allow system_app anr_data_file:file create_file_perms;
-
-# Settings need to access app name and icon from asec
-allow system_app asec_apk_file:file r_file_perms;
-
-allow system_app servicemanager:service_manager list;
-# TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service }:service_manager find;
-
-allow system_app keystore:keystore_key {
- get_state
- get
- insert
- delete
- exist
- list
- reset
- password
- lock
- unlock
- is_empty
- sign
- verify
- grant
- duplicate
- clear_uid
- user_changed
-};
-
-# /sys access
-r_dir_file(system_app, sysfs_type)
-
-control_logd(system_app)
+type system_app, domain;
-- 
GitLab
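Review bot: The public file is reduced to `type system_app, domain;` under a banner that still reads like the full policy description, with nothing saying where the rules went; since this file is now the only API surface other policy authors will read, add a pointer after the header such as `# All rules for this domain are private; see private/system_app.te.` The `###` banner is also byte-identical to the one added in private/system_app.te, so the two copies will drift silently unless one of them is marked as the authoritative description.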